I used to do what you describe by bridging WAN to OPT1 and turning on the
filtering bridge option.  Each server had its own separate hardware NAT/firewall
and used one of the subnet IP addresses, so if necessary it could be connected to
bypass monowall or pfsense without making any configuration changes.  Each
filtering bridge rule could either apply to the whole server subnet or to the
servers individually, although they could not block server-to-server traffic.

Apparently you can do the same thing without bridging by using ARP when you have
one IP address for pfsense and a separate subnet routed to you, but my ISP
connection was not set up that way.

On Tue, 15 Aug 2006 11:28:41 -0500, you wrote:

>We've only got 3 interfaces in our firewall, so there will only be OPT1.
>
>Is there a way to do this so I'm not required to address the OPT1
>servers with internal IP addresses?  I would have to worry about split
>DNS/etc to make sure that LAN people could access it via FQDN and I'd
>rather not worry.
>
>Is it possible to have it like...
>
>WAN - 1.1.1.1
>LAN - 192.168.0.1-255
>OPT1 - (1.1.1.2-1.1.1.5)
>
>... so the servers are configured with their actual external IP
>addresses?  If we are required to use one of the IP addresses for the
>actual OPT1 interface I can live with that.
>
>Any ideas?

