Thanks David

I'll try to clear things up.

Recall that my issue here is what kind of virtual ip I must choose.

In this setup, the only thing I'm interested in, is that my clients have
access to the internet and nothing else.
I have 60 vlans all with a private /24 ip-net.
My WAN is xxx.xxx.xxx.xxx/30 and then I have a /26 public ip net routed to
that WAN address.
I can then make 60 virtual ip-addresses and in "outbound nat" choose to have
each vlan leaving the firewall through its own public ip-address. But what
virtual ip should I choose?
I read the "virtual ip" section in Chris's book, but still I'm insecure,
probably because I sometimes have problems with the terminology. But if I
have understood correctly, then I don't need to set up the (assign it to an
interface) /26 public ip net on the pfsense, as long as I'm using "other"
Virtual ips.

I'm not sure that it got clearer. If you still don't understand, then please
let me know.

Kind regards Anders

-----Original Message-----
From: David Newman [mailto:[email protected]] 
Sent: 16 January 2010 00:07
To: [email protected]
Subject: Re: SV: [pfSense Support] virtual ip

On 1/15/10 2:36 PM, [email protected] wrote:
>> 1. Question.
>> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
>> net to
>> that address.

This part is unclear.

If your WAN interface uses a /30 prefix (255.255.255.252), then you are
on a /30 subnet, not a /29 subnet.


>> I have several lan-interfaces that I want to separate, so that every
>> lan net
>> will be natted through its own public ip.

This can be true for only very small instances of "several":

- with a /29 there are six valid hosts possible, one of which is your
ISP's router

- with a /30 there are two valid hosts possible, one of which is your
ISP's router

In the former case, yes, you can map each of five IP addresses on your
WAN interface to some other address(es) on your protected interfaces.

In the latter case, you have only one routable address. You still can
map multiple services onto this address but you'd need different port
numbers for each (to make up an example, you could map ports 2222, 12222
and 22222 to three different sshd servers on your protected network).

dn


>> If I have understood correctly, then I don't need to set up an
>> interface
>> with the public ip net, as long as I'm using "other" VIPs.
>> Is that right?
>>
>> 2. Question.
>> Imagine a setup where I have /30 as wan ip and routed a /29 public ip
>> net to
>> that address.
>> I want to hand some of the public ips directly to servers, and I want
>> to use
>> some as virtual ips.
>> If I have understood correctly, then I would set up an interface with
>> the
>> public ip net. But what vips will I use?
>>
>> Kind regards Anders
> 
> 
> Please don't double post... you asked this question on Wed 1/13/2010 3:59
> AM.
> 
> Best Regards,
> Nathan Eisenberg
> 
> Ok, but if you are able, I'll really appreciate your or someone else's help.
> 
> Kind regards,
> Anders Dahl
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
> Commercial support available - https://portal.pfsense.org
> 
> 
> 