This is similar to how I had our box configured before our recent ISP
change.  It was tricky to set up, but pfSense worked where a PIX/ASA box
basically melted down.

We had Dual WANs, multiple 1:1 NAT entries (w/Proxy ARP across both WAN
subnets), DMZ port and 6 VLANs across 3 physical LAN ports, and
everything seemed to work fine, so long as traffic shaping wasn't
involved.  PPTP and IPSEC both worked well.

The setup is greatly simplified now... One WAN, two LAN ports, 4 VLANs,
DMZ outside the internal firewall.

Ted Crow
Information Technology Manager
Tuttle Services, Inc.

-----Original Message-----
From: Joshua Galvez [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 20, 2008 2:28 PM
To: support@pfsense.com
Subject: [pfSense Support] Is this proposed configuration feasible? 

I'd like to configure my pfSense box with 5 NICs:

1- WAN1 - x.x.x.169
2- LAN - 192.168.15.1/24 - internal secure network
3- PUBLIC - 192.168.1.1/24 - public wireless network
4- WAN2 - transparent
5- DMZ - transparent - webserver

I have been assigned two blocks of IPs on two separate incoming
connections:
x.x.x.168/29
x.x.x.168 is my network address
x.x.x.174 is my DSL router/gateway
x.x.x.175 is my broadcast address

x.x.x.176/29
x.x.x.176 is my network address
x.x.x.182 is my DSL router/gateway
x.x.x.183 is my broadcast address

I want to do the following.

I want the LAN and PUBLIC networks to be completely severed by
firewall from each other.  I want them both to have access to the
internet through NAT on WAN1.

I want connections on PPTP-VPN (GRE, TCP 1723) to be forwarded from WAN1
to LAN:192.168.15.216.  I also want to be able to connect to that VPN
using the WAN1 IP address from PUBLIC.

I want WAN2 and DMZ to be bridged and transparently firewalled.  I'm  
going to host a webserver on x.x.x.177.  I want LAN and PUBLIC to be  
able to access that webserver.

At some point, though not necessary to begin with, I would like to
enable traffic shaping on LAN and PUBLIC to give priority to LAN
traffic going out WAN, and then other general shaping rules.

Is this a feasible and doable configuration with pfSense?  Am I making
it too complicated by trying to use one box to handle the NAT for one
connection, and the firewall for the other?

Any insight, guide, suggestions, would be appreciated.

Thanks
Josh Galvez


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

