On Thu, Feb 25, 2010 at 8:46 AM, Brent Clark <[email protected]> wrote:
> Is that the same as from (Under Network Address Translation (NAT) ): > http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43 > > 1:1 NAT for individual IPs or entire subnets. Effectively similar, but not entirely. With 1:1, your internal host(s) have a private IP address (such as 192.168.x.x), which correlates directly with a publicly routable IP address. In a bridged setup, the client owns the publicly routable IP address directly. I personally haven't figured out why I would want to use 1:1 when I can just bridge, except that some platforms won't let you use Captive Portal when you have a bridged interface. (This was true of m0n0wall, but I'm not sure about pfsense.) > Also I would like to ask. Can I block an iprange? The firewall lets you block CIDR networks. If your range doesn't fit neatly into a standard subnet then you have the choice of blocking the encapsulating subnet, or creating multiple rules to neatly cover the desired range. Hope that helps. db --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
