On Mar 24, 2015, at 5:46 PM, Walter Parker <[email protected]> wrote: > > Using a chart like > http://www.engineeringradio.us/blog/wp-content/uploads/2013/01/Subnet_Chart.pdf > you can see the different /28 and /29 subnets that exist on a /24 network. > > You would bind the .248/29 network to the WAN interface (use a /29 to leave a > few extra addresses).
If the provider side of the interface is set for /24 and his WAN is set for /29 expect hilarious shenanigans to ensue. > > Then you would bind an reserved network (10.X, 192,168,X 172.16,X) to the LAN > interface. > > Then on your third interface, you would bind multiple networks, .240/29, > .232/29, .224/29, etc to the OPT1/DMZ interface. What you say? > Then each customer would use put there equipment directly on that that > network. If the customers have routers themselves, you might want to setup a > bunch of /30 networks (.252/30, .248/30, .244/30, .236/30, .232/30) for your > and the customer's WAN interfaces. Then start down from .224 and assign /29 > networks for the customer's DMZ/OPT1 interfaces. Unless the customer is > running without NAT, then the addresses could be put on the customer's LAN > interfaces. > > The big trick here is make sure than none of your networks have overlapping > IP address ranges. The chart above is very helpful for tracking different > sizes. This means that you can't put .254 on one interface and .249/29 on a > different interface as those networks overlap. > > > Walter He needs a routed subnet or has to use VIPs on WAN and 1:1 NAT. Or some convoluted bridging thing that I shouldn’t even mention because it’s no solution at all. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
