Ryan Coleman wrote on Thu, Jun 25 2015 at 12:00 pm:
> Ok so I would be better suited, then, utilizing a third firewall?
>
> I have 2 right now on our Cable service: one for basic LAN traffic and one for
> specific services behind the firewall (SMTP, FTP, etc.).
>
> I could have this new FTTO/FTTP connection firewall actually do the specific
> services one, too, and route for the IPs?
>
> Here’s what their email said (yes, I did change the IPs to private to keep
> them off the net):
>> NOTE: As soon as the remainder of your service setup is completed your
>> static IP address will be live with this provided info. The rest of the
>> service setup should be completed very soon. Additionally your 8-block of
>> IP addresses are also provisioned. They are being routed to your firewall
>> at 10.0.12.222
>> Network: 192.168.120.16
>> Netmask: 255.255.255.248
>> You can contact tech support when you are ready to change your MAC address.
>
> As it stands right now the firewall is definitely accessible remotely. And I
> like that. It sounds like I would get 6 functional IPs out of the group
> (17-21 and .222)

Will the servers/PCs behind the firewall have public IPs? If not, and
you want to use NAT, then I don't think one pfSense will work for you. I
suspect you'd need one that takes the packet for 192.168.120.17 arriving at
10.0.12.222, and passes it to its "LAN" network. Then you could set up a
second pfSense or router that uses 192.168.120.17 as its WAN IP address, uses
other 192.168.120.x IPs as IP aliases (on WAN), and provides NAT to a private
IP range.

Perhaps someone can jump in if there is a way to combine the two
functions. Maybe with four NICs and a convoluted setup of going out NIC 2 back
into NIC 3, with NIC 4 the private IP network. Seems error-prone, though.
--
Steve Yates
ITS, Inc.