Your assumption is correct. We have this same service from Comcast, and we have a few of our /28 assigned subnet as VIPs on the WAN. The full /28 is assigned into a third (DMZ) interface on the pfsense box as well in our case. Port forwards and NATs on the WAN utilize the VIPs, and other public traffic destined for our /28 gets routed into the DMZ.

Gordon Russell
Clarke County IT
540 955 5135

----- Original Message -----
> From: "Erik Anderson" <[email protected]>
> To: "pfSense support and discussion" <[email protected]>
> Sent: Monday, June 30, 2014 11:34:56 AM
> Subject: [pfSense] routed subnet question
>
> Hello -
>
> I've been using pfsense for several years on a Comcast business cable
> circuit. As many of you have experienced, with this service, Comcast
> provides a modem with a 4-port customer-facing L2 switch. The WAN
> interface of my pfsense router is connected to this switch. I then
> assign the WAN interface one of the IPs from the /29 assigned to us.
> The other IPs in that /29 I can then assign as VIPs and use for other
> purposes.
>
> Shortly we'll be switching over to Comcast's fiber-based metro
> ethernet service. This service is delivered to the premise via fiber
> and Comcast provides a managed switch that we connect to via
> copper ethernet. This being closer to a "professional-grade" service,
> they assign a P2P address for our router's WAN interface and then they
> route our usable subnet to that address.
>
> I have never used pfsense in this capacity (with a routed subnet)
> before. Is my assumption correct that I should just be able to add IPs in
> the usable subnet as VIPs and then alter my NAT rules, etc. to use one
> of those addresses for egress, use them for port-forwarding, etc.?
>
> Thank you!
> -Erik
> _______________________________________________
> List mailing list
> [email protected]
> https://lists.pfsense.org/mailman/listinfo/list
