Ed,
I like your idea of using 1:1 NAT, but just one question: if you use
SSL with the certificate on the web server, will the 1:1 NAT mess with that?
Regards,
Tim
On 3/6/2015 9:52 PM, ED Fochler wrote:
Bridging will disable firewall and DHCP on modem; this should be expected.
If it works, then you’re using it just fine. I have my DMZ hosts like that on
a separate network on OPT1 with their own IP range and 1:1 NAT rules. It feels
more segregated that way to me than the bridging firewall scenario. That would
be my inclination on firewall best practices and least privilege blah blah blah.
ED.
On 2015, Mar 6, at 4:16 PM, Tim Hogan <[email protected]> wrote:
I am looking for some advice from the group about the best way to put pfSense
in my environment so that it can filter all traffic. The cable provider that I
use has given me a /29 of static IP addresses and one of those addresses is
assigned to the cable modem. When I asked about putting the modem into bridging
mode I found out that their idea of bridging is to disable the firewall and
DHCP service on the modem. So this is what I have come up with so far.
Cable Modem: 70.70.70.94
pfSense WAN: 70.70.70.93 (also my NAT address for the LAN)
pfSense LAN: 10.100.100.1/24
pfSense OPT1: bridged to WAN interface, no IP address
The OPT1 interface is connected to a switch that has the other devices with the
remaining IP addresses in the 70.70.70.89/29 space and I have the firewall rules
for this space on the WAN interface. It seems to work but I am wondering if I
am using the bridging feature correctly. Any thoughts?
Thanks,
Tim
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold