Hi!
How about ordering two /30 additional subnets (or using RFC1918)
between the routers and pfSense, leaving the public IPs INSIDE and
adding routes? No NAT whatsoever:
1.2.3.4 WAN - Router 1 - LAN 10.0.0.1 ---- 10.0.0.2 WAN - pfSense - LAN a.b.c.1
1.2.3.5 WAN - Router 2 - LAN 10.0.1.1 ---- 10.0.1.2 OPT1 - pfSense - /
Routes:
At the ISP:
  1.2.3.0/25 gw 1.2.3.4
  1.2.3.0/25 gw 1.2.3.5
On Router 1:
  1.2.3.0/25 gw 10.0.0.2
On Router 2:
  1.2.3.0/25 gw 10.0.1.2
On 19 Nov. 07, at 16:23, Chris Bagnall wrote:
Greetings list,
I posted this sometime last week. Apologies in advance for the bad
form that is bumping one's own posts, but would be really grateful
if anyone's had any thoughts on the topic (even if it's "don't
bother").
Thanks in advance.
-----Original Message-----
Hoping someone here might be able to give me a hand with a rather
unusual network setup.
The scenario:
There are 2 DSL circuits provided to the site, each with an
independent /25 address range. The connected devices need to
failover from one to the other in the event of a line dropping
connection. ISP has provided routers which take the first address
(a.b.c.1 and x.y.z.1) of each range. The devices on the site need a
true public IP. Using RFC1918 address ranges is not an option.
Attempted solution:
1) Both ISP routers connected to pfSense box: primary DSL to WAN,
secondary to OPT1
2) pfSense IP set to a.b.c.2 on WAN with gateway being the ISP
router (.1)
3) pfSense IP set to x.y.z.2 on OPT1 with gateway being secondary
ISP router (.1)
4) Bridge WAN and LAN, setting pfSense LAN IP to the same as WAN IP
5) Define secondary DSL's range in Proxy ARP and create 1:1 NAT
entries between it and the primary range
6) Enable filtering bridge and create firewall rules to allow LAN ->
any, WAN -> LAN and WAN2 -> LAN
Now, this works okay up to stage 5, then it falls flat on its face.
The moment I enable the filtering bridge (even with the necessary
firewall allow rules in place) nothing seems to pass. Even pinging
the ISPs' routers on .1 doesn't go anywhere.
I appreciate it's a bizarre setup, so I'd be grateful if anyone has
suggestions on how to achieve what I'm looking for with pfSense. The
obvious solution is to get the DSLs to share the same subnet (with
routers on .1 and .2 for example), but since they're from
independent service providers, that isn't going to happen.
Any suggestions gratefully appreciated (even if they're "it can't be
done" - if I know it can't be done, I won't spend any more time
working on it).
Regards,
Chris
--
C.M. Bagnall, Director, Minotaur I.T. Limited
For full contact details visit http://www.minotaur.it
This email is made from 100% recycled electrons
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Franck Horlaville
IT Manager
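As an added example (not part of the thread, and not anyone's actual configuration), the following Python script models the NAT-free routed layout proposed in the reply: two RFC1918 /30 transit links between the ISP routers and pfSense, the public /25 kept behind pfSense, and static routes pointing at it. It performs the two checks a practitioner would want before ordering the extra subnets: that no transit link overlaps the public range, and that every static route's gateway is on a directly connected subnet of the node using it; it then walks a packet hop by hop to confirm it lands on pfSense. The node names, the 10.0.x.x transit addresses and the use of 1.2.3.0/25 as a stand-in for the site's real range are constructed; the ISP-facing side of each router is deliberately left out of the model.

```python
import ipaddress

# Constructed model of the routed, NAT-free design from the reply above.
# Addresses are the thread's example values, not real allocations; the
# ISP side of each router is out of scope, so only site-side hops appear.
PUBLIC_RANGE = ipaddress.ip_network("1.2.3.0/25")

# Directly connected interfaces per node (constructed).
INTERFACES = {
    "router1": ["10.0.0.1/30"],
    "router2": ["10.0.1.1/30"],
    "pfsense": ["10.0.0.2/30", "10.0.1.2/30", "1.2.3.1/25"],
}

# Static routes per node as (destination, next hop), as in the reply.
STATIC_ROUTES = {
    "router1": [("1.2.3.0/25", "10.0.0.2")],
    "router2": [("1.2.3.0/25", "10.0.1.2")],
    "pfsense": [],
}


def connected_networks(node, interfaces=INTERFACES):
    """Subnets a node can reach without a next hop."""
    return [ipaddress.ip_interface(a).network for a in interfaces[node]]


def lookup(node, dst, interfaces=INTERFACES, routes=STATIC_ROUTES):
    """Longest-prefix match over connected subnets and static routes.
    Returns ("connected", network) or ("via", next_hop), or None."""
    dst = ipaddress.ip_address(dst)
    best = None  # (kind, value, prefixlen)
    for net in connected_networks(node, interfaces):
        if dst in net and (best is None or net.prefixlen > best[2]):
            best = ("connected", str(net), net.prefixlen)
    for dest, gw in routes[node]:
        net = ipaddress.ip_network(dest)
        if dst in net and (best is None or net.prefixlen > best[2]):
            best = ("via", gw, net.prefixlen)
    return best[:2] if best else None


def owner_of(addr, interfaces=INTERFACES):
    """Node that holds addr on one of its interfaces, or None."""
    ip = ipaddress.ip_address(addr)
    for node, addrs in interfaces.items():
        if any(ipaddress.ip_interface(a).ip == ip for a in addrs):
            return node
    return None


def trace(node, dst, interfaces=INTERFACES, routes=STATIC_ROUTES, max_hops=8):
    """Follow route lookups hop by hop; returns the nodes traversed, ending
    at the node that has dst on a directly connected subnet."""
    path = [node]
    for _ in range(max_hops):
        r = lookup(node, dst, interfaces, routes)
        if r is None:
            raise ValueError(f"{node} has no route to {dst}")
        if r[0] == "connected":
            return path
        nxt = owner_of(r[1], interfaces)
        if nxt is None:
            raise ValueError(f"{node}: next hop {r[1]} is not a modelled node")
        path.append(nxt)
        node = nxt
    raise ValueError("routing loop or hop limit exceeded")


def validate(interfaces=INTERFACES, routes=STATIC_ROUTES):
    """Design checks: transit links must not overlap the public range, and
    each static-route gateway must be on-link for the node that uses it."""
    problems = []
    for node, addrs in interfaces.items():
        for a in addrs:
            net = ipaddress.ip_interface(a).network
            if net != PUBLIC_RANGE and net.overlaps(PUBLIC_RANGE):
                problems.append(f"{node}: transit {net} overlaps {PUBLIC_RANGE}")
    for node, node_routes in routes.items():
        for dest, gw in node_routes:
            gw_ip = ipaddress.ip_address(gw)
            if not any(gw_ip in n for n in connected_networks(node, interfaces)):
                problems.append(f"{node}: gateway {gw} for {dest} is not on-link")
    return problems


if __name__ == "__main__":
    print("problems:", validate() or "none")
    print("router1 -> 1.2.3.50:", " -> ".join(trace("router1", "1.2.3.50")))
    print("router2 -> 1.2.3.100:", " -> ".join(trace("router2", "1.2.3.100")))
```

The on-link check is the one that catches the classic mistake when splicing transit links into a design like this: a static route whose gateway lives on the other router's /30 is silently unreachable, and the ISP-side traffic for that circuit dies at the router. Swapping the gateways in STATIC_ROUTES and rerunning validate() shows the failure without touching any real box.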