When would I want to use transparent NAT versus bridging w/firewall
the DMZ and WAN interface?
-Josh
On Aug 20, 2008, at 2:47 PM, Ted Crow wrote:
This is similar to how I had our box configured before our recent ISP
change. It was tricky to set up, but pfSense worked where a PIX/ASA box
basically melted down.
We had Dual WANs, multiple 1:1 NAT entries (w/Proxy ARP across both WAN
subnets), DMZ port and 6 VLANs across 3 physical LAN ports, and
everything seemed to work fine, so long as traffic shaping wasn't
involved. PPTP and IPSEC both worked well.
The setup is greatly simplified now... One WAN, two LAN ports, 4 VLANs,
DMZ outside the internal firewall.
Ted Crow
Information Technology Manager
Tuttle Services, Inc.
-----Original Message-----
From: Joshua Galvez [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 2:28 PM
To: [email protected]
Subject: [pfSense Support] Is this proposed configuration feasible?
I'd like to configure my pfSense box with 5 NICS
1- WAN1 - x.x.x.169
2- LAN - 192.168.15.1/24 - internal secure network
3- PUBLIC - 192.168.1.1/24 - public wireless network
4- WAN2 - transparent
5- DMZ - transparent - webserver
I have been assigned two blocks of IPs on two separate incoming
connections:
x.x.x.168/29
x.x.x.168 is my network address
x.x.x.174 is my DSL router/gateway
x.x.x.175 is my broadcast address
x.x.x.176/29
x.x.x.176 is my network address
x.x.x.182 is my DSL router/gateway
x.x.x.183 is my broadcast address
I want to do the following.
I want the LAN and PUBLIC networks to be completely severed by
firewall from each other. I want them both to have access to the
internet through NAT on WAN1.
I want connections on PPTP-VPN (gre, tcp1723) to be forwarded from WAN1
to LAN:192.168.15.216. I want also to be able to connect to that VPN
using the WAN1 IP address from PUBLIC.
I want WAN2 and DMZ to be bridged and transparently firewalled. I'm
going to host a webserver on x.x.x.177. I want LAN and PUBLIC to be
able to access that webserver.
At some point, though not necessary to begin with, I would like to
enable traffic shaping on LAN and PUBLIC to give priority to LAN
traffic going out WAN, and then other general shaping rules.
Is this a feasible and doable configuration with pfSense? Am I making
it too complicated by trying to use one box to handle the NAT for one
connection, and the firewall for the other?
Any insight, guide, suggestions, would be appreciated.
Thanks
Josh Galvez
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]