In such a scenario it's probably easiest to just do routing:

WAN: 202.172.254.202/24
LAN: 192.168.1.1/24 (default NATed network for private IP space hosts)
OPT1: 202.172.250.1/28 (routed network, hosts have public IPs)

To make this work you have to enable advanced outbound NAT at Firewall > NAT, Outbound tab. It will autocreate a rule for the LAN segment. OPT1 will then be routed as there is no NAT rule. This way you don't need virtual IPs and no NATing for the clients at OPT1. It's kind of a DMZ attempt. You of course still need firewall rules to allow traffic in at OPT1 or WAN, but you don't need port forwards or 1:1 NAT for this then.

Of course you can use the LAN subnet for this as well. If you want to do this, just delete the autocreated outbound NAT rule after enabling advanced outbound NAT.

Holger

-----Original Message-----
From: Kelvin Chiang [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 13, 2007 01:30
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual IP

Hi Holger,

To help me understand: suppose my WAN IP is 202.172.254.202/24 and I am also allocated a subnet 202.172.250.0/28. Am I able to define "Other" Virtual IPs for the 202.172.250.0/28 subnet? How is the outbound NAT handled if certain IP addresses in my LAN are intended to be NATed through some of the IP addresses on 202.172.250.0/28 instead of being NATed through the WAN IP address (202.172.254.202)?

My apologies if I still come back to this question. I tried to define outbound NAT to selectively NAT certain IP addresses in the LAN to a NAT IP (for example 202.172.250.1) in a different subnet from the WAN IP (for example 202.172.254.202/24), but I have had no luck.

Regards,
Kelvin

-----Original Message-----
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 13, 2007 3:07 AM
To: support@pfsense.com
Subject: AW: [pfSense Support] Virtual IP

You got it correct. "Other" can be used if the provider is just routing these IPs to you anyway, like if you have one public IP and a public subnet (different from your real WAN IP) that can be used behind that IP. This way you can NAT these IPs to your private subnet hosts. This is often used in combination with PPPoE WANs, for example.

Holger

________________________________
From: Kelvin Chiang [mailto:[EMAIL PROTECTED]
Sent: Monday, March 12, 2007 07:18
To: support@pfsense.com
Subject: [pfSense Support] Virtual IP

Hi,

I have a question that may be basic and stupid. What are the differences between "Proxy ARP" and "Other" Virtual IP? As far as I am aware, Virtual IP based on Proxy ARP replies to ARP requests. Does it mean that "Other" does not? If it does not, what's the use of "Other" Virtual IP?

Regards,
Kelvin

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
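
The routed-OPT1 layout from Holger's most recent reply in this thread, sketched as a raw pf.conf fragment. This is an added example, not part of the original messages and not the ruleset pfSense generates; the interface names, the host 202.172.250.2 and port 443 are constructed assumptions.

```pf
# Added illustration (constructed): interface names, host and port are assumptions.
wan_if   = "em0"               # WAN  202.172.254.202/24
lan_if   = "em1"               # LAN  192.168.1.1/24
opt1_if  = "em2"               # OPT1 202.172.250.1/28
lan_net  = "192.168.1.0/24"
opt1_net = "202.172.250.0/28"
dmz_web  = "202.172.250.2"     # hypothetical public host on OPT1

# --- translation ---
# The only outbound NAT rule covers the LAN. Nothing matches opt1_net,
# so OPT1 hosts are routed and keep their public source addresses.
nat on $wan_if from $lan_net to any -> ($wan_if)

# --- filtering ---
# With no NAT in front of OPT1, these rules are the whole boundary.
block in log all
pass out quick all keep state

# Inbound to the routed host: a plain pass rule, no rdr or binat.
pass in quick on $wan_if proto tcp from any to $dmz_web port 443 flags S/SA keep state

# OPT1 can route to the LAN; block that before allowing it out.
block in quick on $opt1_if from any to $lan_net
pass  in quick on $opt1_if from $opt1_net to any keep state

# LAN hosts may go anywhere; they leave WAN translated by the nat rule.
pass in quick on $lan_if from $lan_net to any keep state
```

On a plain FreeBSD or OpenBSD pf host, `pfctl -n -f <file>` parses a fragment like this without loading it.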