Obviously I was in a bad mood when reading your first email... sorry about that.

I am hoping to do the routing and firewalling with the same pfSense
boxes due to budget constraints.  A pair of (insert favorite brand
here) routers with failover would definitely be out of budget for
this project, at least for now.

As I said, every firewall is a router, so that's not a problem.

If I simply add rules on the WAN interface tab to allow traffic to
the /27 addresses will this work?  This way I do not have to turn on
the "Disable all packet filtering" check box as that would defeat the
purpose.  I suppose I could turn it on temporarily for testing then
turn it off and add the rules?

As long as you keep NAT firmly *out* of your head as you set this up, you'll probably get it right (or close enough) on the first try. Turning on that checkbox is the acid test - turn it on for a few minutes, and if everything still functions, you've got the routing right. Also, your Asterisk servers should be secure enough to live on the internet by themselves for a few minutes... if not, you'll likely be attacked through some other vector (internal clueless users installing trojans, often).

Will I need to tell the /27 LAN interface LAN that the /29 WAN
interface is its default gateway or will it know that from being
directly connected?

If you set up DHCP on the LAN, it should happen automatically. Otherwise, yes, you need to tell the internal devices how to reach the internet.

-Adam

_______________________________________________
List mailing list
http://lists.pfsense.org/mailman/listinfo/list