> On Tue, Jul 31, 2012 at 10:26 AM, Vick Khera <[email protected]> wrote:
>> On Mon, Jul 30, 2012 at 6:10 PM,  <[email protected]> wrote:
>> > I have a pfSense 2.0 box connected to an ADSL modem running as a MPoA
>> > bridge.  Basically the ADSL modem does some unspecified manipulation and
>> > presents the public IP to the LAN connection via DHCP along with gateway
>> > etc. information allowing the pfSense box to get out onto the internet.
>>
>> So your LAN interface on the pfSense box gets a public IP? What
>> craziness is that?
>>
>> I'll assume you mean that your WAN interface on the pfSense is getting
>> the public IP from the ADSL modem.  In this case, just add a rule to
>> the WAN tab on the firewall to permit https/ssh from your remote fixed
>> IP from where you wish to monitor it.
>
> Vick,
>
> I think the issue here is that he wants both a public and a private IP on
> the same interface.  The public one is assigned by DHCP and the private one
> is assigned manually.
>
> Philip,
>
> You should be able to use the sections "Configure Virtual IP" and
> "Configure NAT" in 2.x as they haven't really changed.  The one difference
> is that you *might* be able to use the "IP Alias" type instead of the
> "Other" type and then not have to configure anything using ifconfig. I
> am away from the office for the next few days, but if you still need help
> when I get back I can plug something in on the WAN side of our pfSense and
> do some testing.
>
> Moshe

Hi Moshe,

You are correct that the instructions work with a little modification - I
suspect I failed to remove the "block private networks" option on the WAN
interface when I tried the instructions the previous evening.

You are also correct about adding an "IP Alias" rather than an "Other"
alias - it adds the address to the WAN interface which saves the need to
log on to the shell and/or modify the start-up script.

It appears the sequence of events which works for me is:

1) Add IP Alias for WAN interface with desired extra IP and netmask
2) Set outbound NAT to be manual
3) Add NAT rule as described in the HOWTO
4) Move new rule to the top of the rules list

It appears you don't need to disable the "Block private networks" option
of the WAN interface to make the above work.

I presume there's no way to allow access without setting outbound NAT to
be manual?  I do create test wireless networks when necessary so it'll be
a bit of a pain to have to add the NAT rules manually or change to
"manual" and add the modem rule in when I want access to the modem.

Thanks,

Phil

