On Jun 28, 2014, at 11:18 PM, Jonatas Baldin <[email protected]> wrote:

> Hi guys, how are you doing? I hope someone can bring me some lights here haha 
> I know this thread isn't pfSense-specific, it's more of a network 
> discussion, but I know someone here can help! Plus, if you know some good 
> mailing list for Network discussion, please send me!
> 
> Well, I got some equipment to make a network home lab for study, and before I 
> start to set everything up, I need to fill up some issues.
> 
> First, I want my topology to look more or less like this:
> http://imgur.com/aDBbBZK

Fairly straightforward.

> 
> - My pfSense box is facing the Internet, using PPPoE DSL authentication from 
> my ISP, and providing a DMZ and a LAN subnet.
> - After, this subnet is connected to VyOS (router OS, fork of Vyatta), that 
> finally routes to the clients (and another VyOS, where I'll use OSPF).
> 
> My doubts are:
> - Is this generally OK? Is it recommended?
> 

Looks fine if what’s in the diagram is what you want to accomplish.


> - If I want to make NAT rules for my clients in LAN A, an 8080 port for 
> example, what configuration should I make? Because pfSense doesn't directly 
> know the LAN subnet... Should I make a NAT for the VyOS and there make 
> another one?
> 

NAT needs to happen where NAT needs to happen.  You probably don’t need to NAT 
between 10.0.0.0/24 and 192.168.10.0/24.  You would set up NAT in pfSense to 
the 192.168.10.X address.  Note that pfSense will need routes so it knows to 
send traffic for 192.168.10.0/24 and 192.168.10.20.0/24 to 10.0.0.10.

> - If I make a mobile IPsec VPN in the pfSense box, will I get access normally 
> to the LANs?

You will need to tell IPsec to tell its clients that they can reach all the 
networks over the VPN connection (The clients need to know to route all traffic 
for 10.0.0.1/24, 192.168.10.0/24, 192.168.20.0/24, and possibly 172.16.0.0/24 
over the VPN connection).

> 
> - What should the clients' default gateway be? Should it be the IP of the 
> router (and then, the router's default GW the IP of pfSense)?

What clients?  The default gateway for each client needs to be the gateway of 
last resort to get off its subnet.  A default gateway must be on the same 
subnet as the client. You probably want LANA to be 192.168.10.1, LANB 
192.168.20.1, and the VyOS routers 10.0.0.1.

> 
> I know some how-to for configuring the pfSense and router, but I'm stuck in 
> the "theory" behind the topology.

It’s all in the diagram.  ;)  You can do the active/standby with two pfSenses 
and CARP.  Note that it would require switching for the outside and DMZ 
interfaces that isn’t pictured.

> 
> PS: I still haven't developed this physically, it's just on the scratch... I 
> want to know if this is correct before I start.
> 
> Best regards,
> Jonatas B.
> 
> ____________________________
> Jonatas Baldin de Oliveira
> IT Professional
> Skype: jonatas.baldin
> 
> _______________________________________________
> List mailing list
> [email protected]
> https://lists.pfsense.org/mailman/listinfo/list
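
Added example (not part of the original thread): a small Python model of the routing points made in the reply above. It shows that a port forward to a LAN A host only works once pfSense has a static route via 10.0.0.10, that the next hop must be directly connected, and that a client's default gateway must be inside its own subnet. The interface names, the pfSense LAN/DMZ host addresses, the sample client address and the use of 192.168.20.0/24 for LAN B are assumptions.

```python
import ipaddress as ip

# Constructed model of the thread's addressing. Interface names and the
# .1 host addresses on pfSense are assumptions for illustration.
PFSENSE_CONNECTED = {
    "lan": ip.ip_interface("10.0.0.1/24"),
    "dmz": ip.ip_interface("172.16.0.1/24"),
}
# Static routes the reply says pfSense needs: (destination, next hop).
PFSENSE_STATIC = [
    (ip.ip_network("192.168.10.0/24"), ip.ip_address("10.0.0.10")),
    (ip.ip_network("192.168.20.0/24"), ip.ip_address("10.0.0.10")),
]

def on_link(addr, interfaces):
    """Return the name of the interface whose subnet contains addr, else None."""
    for name, iface in interfaces.items():
        if addr in iface.network:
            return name
    return None

def unusable_routes(static, interfaces):
    """A static route is usable only if its next hop is directly connected."""
    return [(str(net), str(hop)) for net, hop in static
            if on_link(hop, interfaces) is None]

def lookup(dst, interfaces, static):
    """Longest-prefix match over connected and static routes.

    Falls back to ("default", "wan"), i.e. the packet leaves via the ISP link.
    """
    dst = ip.ip_address(dst)
    candidates = [(i.network, "connected", n) for n, i in interfaces.items()]
    candidates += [(net, "static", str(hop)) for net, hop in static]
    matches = [c for c in candidates if dst in c[0]]
    if not matches:
        return ("default", "wan")
    best = max(matches, key=lambda c: c[0].prefixlen)
    return (best[1], best[2])

def gateway_ok(client, gateway):
    """A default gateway must sit inside the client's own subnet."""
    return ip.ip_address(gateway) in ip.ip_interface(client).network
```

Without the static routes, `lookup` sends traffic for a forwarded LAN A host to the WAN default route, which is why the NAT target appears unreachable until the routes are added.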
