Ok so I would be better suited, then, utilizing a third firewall? I have 2 right now on our Cable service: one for basic LAN traffic and one for specific services behind the firewall (SMTP, FTP, etc.).
I could have this new FTTO/FTTP connection firewall actually do the specific services one, too, and route for the IPs? Here’s what their email said (yes, I did change the IPs to private to keep them off the net): > NOTE: As soon as the remainder of your service setup completed your static IP > address will be live with this provided info. The rest of the service setup > should be completed very soon. Additionally your 8-block of IP address are > also provisioned. They are being routed to your firewall at 10.0.12.222 > Network: 192.168.120.16 Netmask: 255.255.255.248 You can contact tech support > when you are ready to change your MAC address. As it stands right now the firewall is definitely accessible remotely. And I like that. It sounds like I would get 6 functional IPs out of the group (17-21 and .222) > On Jun 25, 2015, at 10:51 AM, Steve Yates <[email protected]> wrote: > > Ryan Coleman wrote on Thu, Jun 25 2015 at 10:03 am: > >> So I got FTTO from the local non-telco and they have a static IP for my >> firewall >> separate from my assigned block and my block is definitely not in a routable >> space with the master IP. >> >> Let’s assume the configuration is something like this… >> >> Firewall: 10.0.12.55/30 -(Gateway, for sake of argument, is 10.0.12.56) >> Statics: 192.168.120.16/29 (so .17 through .21 are usable)… they say they are >> forwarding to the firewall… > > Assuming you've used private IPs in your example and actually have > public IPs on both sides, what they've done is to route the entire subnet to > you. pfSense's WAN would use 10.0.12.56 and computers on the LAN could use > the public IPs directly. pfSense is what would do the routing between them. > pfSense would use, say, 192.168.120.17 for its LAN IP and that would be the > gateway on your computers. So .18-.22 would be usable on your "LAN" side. > > -- > > Steve Yates > ITS, Inc. > > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
