Thanks Chris and Walter,

I thought about both ways you guys mentioned. I didn't know if the method Walter suggested would work, and I don't have a test lab to set up a test environment in, at least not any longer. :-)

I am going to suggest that he see if he can get a /29 for routing from his provider, even a private range just for routing between pfSense and their routers, and then break out the /24 on the LAN and OPT networks.

Thanks guys.

Joe


------ Original Message ------
From: "Chris L" <[email protected]>
To: "pfSense Support and Discussion Mailing List" <[email protected]>
Sent: 3/24/2015 9:01:35 PM
Subject: Re: [pfSense] Setup Question - Routing

On Mar 24, 2015, at 5:46 PM, Walter Parker <[email protected]> wrote:

Using a chart like http://www.engineeringradio.us/blog/wp-content/uploads/2013/01/Subnet_Chart.pdf you can see the different /28 and /29 subnets that exist on a /24 network.

You would bind the .248/29 network to the WAN interface (use a /29 to leave a few extra addresses).

If the provider side of the interface is set for /24 and his WAN is set for /29 expect hilarious shenanigans to ensue.


Then you would bind a reserved network (10.X, 192.168.X, 172.16.X) to the LAN interface.

Then on your third interface, you would bind multiple networks, .240/29, .232/29, .224/29, etc to the OPT1/DMZ interface.

What you say?

Then each customer would put their equipment directly on that network. If the customers have routers themselves, you might want to set up a bunch of /30 networks (.252/30, .248/30, .244/30, .236/30, .232/30) for your and the customer's WAN interfaces. Then start down from .224 and assign /29 networks for the customer's DMZ/OPT1 interfaces. Unless the customer is running without NAT, then the addresses could be put on the customer's LAN interfaces.

The big trick here is to make sure that none of your networks have overlapping IP address ranges. The chart above is very helpful for tracking different sizes. This means that you can't put .254 on one interface and .249/29 on a different interface as those networks overlap.


 Walter


He needs a routed subnet or has to use VIPs on WAN and 1:1 NAT. Or some convoluted bridging thing that I shouldn’t even mention because it’s no solution at all.


_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
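
Added example, not part of the thread: a Python check of an interface plan like the one discussed above, reporting networks that overlap across interfaces and the subnets behind the firewall that an upstream interface configured with the full /24 would still treat as on-link. The 203.0.113.0/24 documentation prefix, the host addresses, the /30 mask on .254 and the function names are assumptions; the thread does not give the real prefix.

```python
import ipaddress
from itertools import combinations


def _net(cidr):
    """Network that an interface address such as '203.0.113.249/29' sits in."""
    return ipaddress.ip_interface(cidr).network


def find_overlaps(plan):
    """Return (if_a, net_a, if_b, net_b) for every pair of overlapping networks.

    plan maps an interface name to the address/prefix strings bound to it.
    """
    nets = [(name, _net(c)) for name, cidrs in plan.items() for c in cidrs]
    return [(a, str(na), b, str(nb))
            for (a, na), (b, nb) in combinations(nets, 2)
            if na.overlaps(nb)]


def onlink_upstream(upstream_cidr, plan, wan="WAN"):
    """Non-WAN networks that fall inside the upstream interface's own subnet.

    The upstream router ARPs for these on the WAN segment instead of
    forwarding them to the firewall, so they need a routed subnet or
    VIPs with 1:1 NAT.
    """
    upstream = _net(upstream_cidr)
    return [(name, str(_net(c)))
            for name, cidrs in plan.items() if name != wan
            for c in cidrs if _net(c).subnet_of(upstream)]


# Constructed plans using the RFC 5737 documentation range.
GOOD = {"WAN": ["203.0.113.249/29"],
        "LAN": ["10.0.0.1/24"],
        "OPT1": ["203.0.113.241/29", "203.0.113.233/29", "203.0.113.225/29"]}
# .254 on one interface and .249/29 on another (mask on .254 assumed /30).
BAD = {"WAN": ["203.0.113.249/29"], "OPT1": ["203.0.113.254/30"]}

if __name__ == "__main__":
    print("overlaps in GOOD:", find_overlaps(GOOD))
    print("overlaps in BAD: ", find_overlaps(BAD))
    print("on-link for a /24 upstream:", onlink_upstream("203.0.113.1/24", GOOD))
    print("on-link for a /29 upstream:", onlink_upstream("203.0.113.250/29", GOOD))
```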
