I probably shouldn't introduce any further issues here... but aren't there issues having a 192.168.1.0/30 and a 192.168.1.0/24 on the same router? If you ping 192.168.1.1 or 192.168.1.2 from your router, what interface will it route those requests to?

Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105

----- "Aliet Santiesteban Sifontes" <[EMAIL PROTECTED]> wrote:

> People, here I attach you an image with my current settings and the
> migration, is just replace one firewall with pfsense, without changing
> anything else. Notice that my wan is a private /30 network only for
> connect with the isp, the public addresses are on the dmz net.
> Is this possible as it is using pfsense??
>
> 2008/8/20 Luiz Vaz <[EMAIL PROTECTED]>:
> > Yes,
> >
> > Advanced Outbound NAT, works fine for me too.
> > I'd WAN, LAN and VPN interfaces.
> >
> > Using automatic NAT, the traffic stop flowing in the VPN interface
> > (Bridging over LAN).
> > But enabling Manual Outbound NAT, everything works.
> >
> > Best Regards,
> > Luiz Vaz
> >
> > 2008/8/20 Curtis LaMasters <[EMAIL PROTECTED]>
> >>
> >> Advanced Outbound NAT (Manual Outbound NAT) Menu...Firewall -> NAT ->
> >> Outbound
> >>
> >> You'll need to research this a bit but basically you will need to specify
> >> an interface in which the traffic will be NAT'd, the source network range,
> >> source ports (*), Destination and Destination ports (*), the address in
> >> which it will be NAT'd as and what static mapping (usually * and NO). Hope
> >> that didn't confuse you too bad.
> >>
> >> Curtis LaMasters
> >> http://www.curtis-lamasters.com
> >> http://www.builtnetworks.com
> >>
> >> On Wed, Aug 20, 2008 at 3:16 PM, Aliet Santiesteban Sifontes
> >> <[EMAIL PROTECTED]> wrote:
> >>>
> >>> I don't understand, let me give more info:
> >>>
> >>> Right now this is a running setup with checkpoint.
> >>>
> >>> I mean, I have a net with my isp only to connect the firewall to them
> >>> is a /30 private range in the first nic1.
> >>>
> >>> I have another net on the other nic2 with hosts with public addresses
> >>> configured, I mean these hosts have configured public addresses, and
> >>> not use nat.
> >>>
> >>> I have another net on nic3 with a private LAN.
> >>>
> >>> Now, I'm changing the checkpoint with pfsense with a server with three
> >>> nics, and I must keep the current setup.
> >>>
> >>> One net in nic1 with my isp, the other net in nic2 will have connected
> >>> the current running hosts which have configured a public range address
> >>> and in the nic3 connect the running private lan.
> >>>
> >>> I don't want to use nat in the current running public net, I just need
> >>> this net working (routing) through pfsense, and be able to configure
> >>> some filters in this network, this net is currently my op1 in pfsense,
> >>> and the only way they routing to internet is when I configure the
> >>> gateway of my isp.
> >>>
> >>> Any better solution to do this, without changing the current nets,
> >>> only the firewall??
> >>> My point is that I don't wanna change every single host on these nets,
> >>> just the firewall.
> >>>
> >>> best regards
> >>>
> >>> 2008/8/20 Chris Buechler <[EMAIL PROTECTED]>:
> >>> > On Wed, Aug 20, 2008 at 11:56 AM, Aliet Santiesteban Sifontes
> >>> > <[EMAIL PROTECTED]> wrote:
> >>> >> Found part of the problem, I installed a clean pfsense, and set up
> >>> >> again the three interfaces.
> >>> >> WAN-->> Connected to our isp through a /30 private network
> >>> >> OP1-DMZ-->> With the public range address assigned by our isp
> >>> >> LAN-> Private segment.
> >>> >>
> >>> >> Nothing configured, I mean, nat, bridge etc.
> >>> >> Added two simple rules, one to allow any from Lan in Lan interface, and
> >>> >> one to allow any from dmz interface.
> >>> >>
> >>> >> with this setup hosts on the dmz segment can't reach the outside
> >>> >> world, these hosts are configured with public network addresses,
> >>> >>
> >>> >
> >>> > You have to use Advanced Outbound NAT to use public IPs on an internal
> >>> > network. Adding a gateway to this DMZ interface, unless it has an
> >>> > Internet connection and will be used as an additional WAN, is wrong.
> >>> > It disables the NAT configuration since it thinks it's a WAN
> >>> > interface, but that's wrong, you need to remove that and properly
> >>> > set up AON.
> >>> >
> >>> > ---------------------------------------------------------------------
> >>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>> > For additional commands, e-mail: [EMAIL PROTECTED]
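
The following is an added example, not part of the original thread: it checks a set of connected networks for the kind of overlap raised at the top of this message (192.168.1.0/30 and 192.168.1.0/24 on one router) and shows which interface a longest-prefix-match route lookup selects. The interface names, the assignment of each prefix to an interface, and the use of plain longest-prefix matching are assumptions; the message gives only the two prefixes.

```python
import ipaddress
from itertools import combinations

# Constructed routing view. The two prefixes come from the message; the
# interface names and which prefix sits on which interface are assumptions.
CONNECTED = {
    "wan": ipaddress.ip_network("192.168.1.0/30"),
    "lan": ipaddress.ip_network("192.168.1.0/24"),
}


def find_overlaps(connected):
    """Return sorted (iface_a, iface_b) pairs whose networks overlap."""
    pairs = combinations(sorted(connected.items()), 2)
    return [(a, b) for (a, na), (b, nb) in pairs if na.overlaps(nb)]


def egress_interface(connected, dest):
    """Longest-prefix match over connected routes; None if no route."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, name) for name, net in connected.items()
            if addr in net]
    return max(hits)[1] if hits else None


def shadowed_addresses(connected):
    """Map each interface to addresses of its own network that the
    lookup sends out a different, more specific interface instead."""
    shadowed = {}
    for name, net in connected.items():
        for other, other_net in connected.items():
            if other != name and other_net != net and other_net.subnet_of(net):
                shadowed.setdefault(name, []).extend(
                    str(a) for a in other_net)
    return shadowed


if __name__ == "__main__":
    print("overlaps:", find_overlaps(CONNECTED))
    for dest in ("192.168.1.1", "192.168.1.2", "192.168.1.50"):
        print(dest, "->", egress_interface(CONNECTED, dest))
    print("shadowed:", shadowed_addresses(CONNECTED))
```

Under this lookup, any host on the /24 that holds one of the shadowed addresses is not reachable from the router through the /24 interface; renumbering one of the two networks removes the overlap.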