Hello all,
Well I asked this question a few days back under a sanity check subject
and it turned into more of a discussion on running pfSense in a virtual
environment so I am rephrasing the original question.
I am running pfSense 2.0.3 on dedicated hardware and I am working with my
current ISP to build a scenario like the following:
ISP -> pfSense WAN interface (redundant with CARP) listening on
65.251.xxx.xxx/29 -> LAN interface 69.169.xxx.xxx/27
The ISP will use one of the /29 host IPs for their router and obviously
I will need one IP for each of the WAN interfaces on the two pfSense
boxes and one for the first CARP IP.
That leaves me 2 "spare" addresses to use later. I am planning to use
these down the road as a network segmentation scheme.
So, the ISP will configure their routers to direct all
69.169.xxx.xxx/27 traffic to my WAN interface at 65.251.xxx.xxx/29.
I am "assuming" that from there I can simply port forward to the
69.169.xxx.xxx/27 addresses same as if they were private 192.168.0.0/24
addresses but without NAT, but this is where I am unsure. Do I set the
forwarding rules destination as the 69.169.xxx.xxx/27 address even
though this is on the LAN interface? How do I tell the WAN interface that
it is supposed to be listening for the 69.169.xxx.xxx/27 addresses?
Am I missing anything that is going to make this plan unfeasible?
There is a good reason for doing this involving services (such as SIP)
that do not play well with NAT and the fact that due to architecture
some virtual servers may be behind NAT within the internal environment
which would mean NAT'ing a NAT'ed address, never a good thing.
Thank You for any advice
JohnM