I believe VIPs can be used in this scenario.
You would have pfSense have the single main IP for its WAN and the remaining
block as VIPs. You then could use NAT to forward them to your LAN port segment.
-Yaroslav
-------- Original message --------
From: Steve Yates <[email protected]>
Date: 06/25/2015 4:11 PM (GMT-05:00)
To: pfSense Support and Discussion Mailing List <[email protected]>
Subject: Re: [pfSense] Setting up for 1:1 with block of statics?
Ryan Coleman wrote on Thu, Jun 25 2015 at 12:00 pm:
> Ok so I would be better suited, then, utilizing a third firewall?
>
> I have 2 right now on our Cable service: one for basic LAN traffic and one for
> specific services behind the firewall (SMTP, FTP, etc.).
>
> I could have this new FTTO/FTTP connection firewall actually do the specific
> services one, too, and route for the IPs?
>
> Here’s what their email said (yes, I did change the IPs to private to keep
> them off the net):
>> NOTE: As soon as the remainder of your service setup is completed your static
>> IP address will be live with this provided info. The rest of the service setup
>> should be completed very soon. Additionally your 8-block of IP addresses are
>> also provisioned. They are being routed to your firewall at 10.0.12.222 Network:
>> 192.168.120.16 Netmask: 255.255.255.248 You can contact tech support when
>> you are ready to change your MAC address.
>
> As it stands right now the firewall is definitely accessible remotely. And I
> like that. It sounds like I would get 6 functional IPs out of the group (17-21
> and .222)
Will the servers/PCs behind the firewall have public IPs? If not, and
you want to use NAT, then I don't think one pfSense will work for you. I
suspect you'd need one that takes the packet for 192.168.120.17 arriving at
10.0.12.222, and passes it to its "LAN" network. Then you could set up a
second pfSense or router that uses 192.168.120.17 as its WAN IP address, uses
other 192.168.120.x IPs as IP aliases (on WAN), and provides NAT to a private
IP range.
Perhaps someone can jump in if there is a way to combine the two
functions. Maybe with four NICs and a convoluted setup of going out NIC 2 back
into NIC 3, with NIC 4 the private IP network. Seems error-prone, though.
--
Steve Yates
ITS, Inc.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold