Multiple subnets

Craig - AUS.SHop craig at aus.sh
Tue Jul 19 07:50:47 GMT 2005


Hi Brad,

I am new to freebsd-pf, however my decision to use it was based on
exactly your predicament.

After a bit of head scratching and Googling, I now have a 5.4 box with 4
interfaces (2 x WAN + 2 x LAN). My WANs are PPPoE and my LANs are both
public IP blocks (a /29 and a /27). I have a second firewall on one of
the IPs which does NAT for another private LAN.

My pf ruleset allows unrestricted traffic across the LANs, which is
important since you don't want to be "talking" across the two WANs when
the boxes are all in the same room.

Filtering is done on inbound on the two WANs (tun0 and tun1 in my
case). I use the reply-to feature on these pass rules to ensure that
replies go out the same interface that the request came from.

Outbound traffic from each subnet is directed out the appropriate WAN by
passing in on the LAN interfaces with the route-to feature directing to
the appropriate WAN interface.

Happy to give you some examples if you want them. I don't know about
doing it all on one WAN interface, but if your provider is happy to
route both subnets over the one endpoint, then I can't see that it would
be an issue. I wanted the additional bandwidth rather than the extra
IPs, so it was important for me to keep the WAN interfaces separate.

Good luck
Craig

-----Original Message-----
From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org]
On Behalf Of Brad Bendy
Sent: Tuesday, 19 July 2005 7:41 AM
To: freebsd-pf at freebsd.org
Subject: Multiple subnets


Hello-
I am wondering how I would go about having multiple WAN subnets coming
over one ethernet interface, basically bridge mode I guess, then have
firewall rulesets based on the destination IP. Right now I use m0n0wall
with one WAN subnet, but I need to expand to have multiple CIDR blocks
from my provider. I know there has to be a way to do this, but not sure
how. Any help/links would be great!

Thanks
Brad
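
The layout described in the reply above (LAN-to-LAN traffic kept local, route-to on the LAN interfaces, reply-to on the inbound WAN pass rules), written out as a pf.conf in the rule syntax used by FreeBSD's pf. This is an added example, not the poster's ruleset: only tun0 and tun1 come from the message; the LAN interface names, every address (documentation ranges), the gateway values and the port 80 service are assumptions.

```pf
# Added example; all values below are constructed placeholders
# except the tun0/tun1 interface names taken from the message.
wan1     = "tun0"              # PPPoE link 1
wan2     = "tun1"              # PPPoE link 2
wan1_gw  = "203.0.113.1"       # assumed PPPoE peer address on tun0
wan2_gw  = "203.0.113.129"     # assumed PPPoE peer address on tun1
lan1     = "fxp0"              # hypothetical NIC carrying the /29
lan2     = "fxp1"              # hypothetical NIC carrying the /27
lan1_net = "192.0.2.0/29"      # constructed public block
lan2_net = "198.51.100.0/27"   # constructed public block
srv1     = "192.0.2.2"         # constructed host offering a service on LAN 1
srv2     = "198.51.100.2"      # constructed host offering a service on LAN 2

# Default deny, logged, so anything not listed below is visible in pflog.
block log all
pass quick on lo0 all

# LAN <-> LAN stays inside the box. These must be "quick" and come
# before the route-to rules, or local traffic would be pushed out a WAN.
pass in quick on $lan1 from $lan1_net to $lan2_net keep state
pass in quick on $lan2 from $lan2_net to $lan1_net keep state

# Outbound: each subnet is forced out its own WAN, regardless of the
# default route, by route-to on the LAN-side inbound rule.
pass in on $lan1 route-to ($wan1 $wan1_gw) from $lan1_net to any keep state
pass in on $lan2 route-to ($wan2 $wan2_gw) from $lan2_net to any keep state

# Inbound filtering on the WANs. reply-to stores the arrival interface
# in the state entry so the answer leaves by the same link.
pass in on $wan1 reply-to ($wan1 $wan1_gw) proto tcp \
    from any to $srv1 port 80 flags S/SA keep state
pass in on $wan2 reply-to ($wan2 $wan2_gw) proto tcp \
    from any to $srv2 port 80 flags S/SA keep state

# Egress side of the flows admitted above. Each WAN only carries
# source addresses from the subnet assigned to it.
pass out on $lan1 from any to $lan1_net keep state
pass out on $lan2 from any to $lan2_net keep state
pass out on $wan1 from $lan1_net to any keep state
pass out on $wan2 from $lan2_net to any keep state
```

Parse it with `pfctl -nf <file>` before loading; `-n` checks the ruleset without installing it.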