Am 23.05.2011 um 23:25 schrieb Tim Dickson:
>> Now I'm trying to segment the /24 into 4 subnets with the pfSense interfaces
>> being:
>
> It sounds easy enough
Maybe for you… ;-)
> - but may be because I'm not understanding exactly what you want.
> But the simplest method I could come up with would be to setup your WAN to
> accept every IP your ISP routes to you, then do 1:1 to each internal network
> you need.
Does that mean configuring
1. a virtual IP of type "Proxy ARP" on the WAN interface for "IP Address(es)"
of type "Network" with value "1.2.3.0/24" under "Firewall: Virtual IP Address:
Edit"
2. one NAT 1:1 entry for each of the desired subnets under "Firewall: NAT:
1:1: Edit", i.e.
- external: 1.2.3.1, internal 1.2.3.1/26, NAT reflection disable
- external: 1.2.3.129, internal 1.2.3.129/26, NAT reflection disable
?
> Create each internal network on a separate interface (either physical or VLAN)
I did that already.
> Then set the RULES inbound on your WAN interface as needed.
Would I still be able to filter traffic originating from LAN/OPT1 on their
respective firewall ruleset?
> That allows you to do any routing you want between interfaces / WAN and gives
> you granular control of everything.
*That* is exactly what I want ;-)
Thanks a lot,
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
