On 02 Sep 2011, at 17:51, Jim Pingle wrote:

> On 9/2/2011 11:17 AM, Giacomo Di Ciocco wrote:
>> Hello everyone,
>> please consider this scenario: http://www.deffie.it/garbage/theproblem.png
>>
>> Servers are reaching the internet from their public IP in the /26 and
>> they have pfSense /26 IP as their default route, this is ok.
>>
>> Users from LAN are reaching the internet with the pfSense IP in the /30
>> but it is not conceptually correct, how can I make services and LANs
>> reach the internet from the /26 address assigned to pfSense?
>
> That isn't a typical need, but I believe you can do that with some trickery.
>
> Add an 'other' type VIP for the pfSense IP in the /26, then edit your
> manual outbound NAT rule for the LAN subnet going out WAN, and have it
> translate to that IP.
>
> I have a vague recollection of someone I talked with doing that some
> time ago, I thought it worked, but don't quote me on that. :-)

Hi Jim,

I applied a modified version of "your" solution: I've split the /26 in two /27s,
the first /27 is in the interface facing the servers and the second is in the WAN,
then I modified outbound NAT to source packets from the LANs with an IP from the
second /27 assigned to the WAN; can't actually find any drawback to this setup.

The state-of-the-art solution was to have another pfSense box with LANs connected
to it and WAN in the /26, cannot find how to do this with just one box...

Opinions appreciated :)

Regards,
Giacomo.