Am 23.05.2011 um 23:25 schrieb Tim Dickson: >> Now I'm trying to segment the /24 into 4 subnets with the pfSense interfaces >> being: > > It sounds easy enough
Maybe for you… ;-) > - but may be because I'm not understanding exactly what you want. > But the simplest method I could come up with would be to setup your WAN to > accept every IP your ISP routes to you, then do 1:1 to each internal network > you need. Does that mean configuring 1. a virtual IP of type "Proxy ARP" on the WAN interface for "IP Address(es)" of type "Network" with value "1.2.3.0/24" under "Firewall: Virtual IP Address: Edit" 2. one NAT 1:1 entry for each of the desired subnets under "Firewall: NAT: 1:1: Edit", i.e. - external: 1.2.3.1, internal 1.2.3.1/26, NAT reflection disable - external: 1.2.3.129, internal 1.2.3.129/26, NAT reflection disable ? > Create each internal network on a separate interface (either physical or VLAN) I did that already. > Then set the RULES inbound on your WAN interface as needed. Would I still be able to filter traffic originating from LAN/OPT1 on their respective firewall ruleset? > That allows you to do any routing you want between interfaces / WAN and gives > you granular control of everything. *That* is exactly what I want ;-) Thanks a lot, Andreas --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org