@coldfire7 I am sure about it, because I had to create a vpn killswitch for that, so...

@dzinks You'd need two pfSense routers connected via their WAN interface. 192.168.1.0/24 can't exist on the same router with different interfaces. You'd need to do a 1:1 NAT on both routers with different addresses poining to 192.168.1.0 for Production and Sandpit. https://docs.netgate.com/pfsense/en/latest/nat/1-1.html https://www.netgate.com/resources/videos/nat-on-pfsense-23.html

@jms123 said in 1 : 1 NAT and outbound NAT: 1:1 NAT overrides any outbound NAT All traffic originating from that private IPv4 address going to the Internet will be mapped by 1:1 NAT to the public IPv4 address defined in the entry, overriding the Outbound NAT configuration

@skilledinept said in Disguising a device behind 1:1 NAT: I'd like to disguise HOST's real IP address from the rest of the network downstream For what purpose? Just at a loss to why anyone would want to do this?

I just looked in the games forum seems this is raised alot. Might read through the threads in there as seems some have it working on the Xbox thread so may work with mine. The game is modern warfare and the game I play is cold war but all the ports are the same so should be the same outcome. Now to find time and dust off my router lol

@jfre9193 I believe that is related to this: https://redmine.pfsense.org/issues/11805

@KOM No, the default rule should be fine.

@averagecdn I don't think you can do it like that in an asymmetric routing situation. You forward from the device that controls the server's traffic.

@acnic The failure of that bug is that pfSense is sending reply packets ever to the default gateway. So if you're on CE 2.5.1 and the DSL modem is not the default gateway, you will be affected. but if i connect to the LAN of the DSL modem and try i.e 192.168.2.2:80 it works as it should When you're in the DSL modems LAN and access pfSense, replies have not to be directed to a gateway. This also means, that you can do a workaround by masquerading incoming packets on the DLS router if it is capable of this function.

Nobody has any suggestion?

@testcb00 said in Two public IP (A/B), one DHCP, how to make specific internal IP use IP B?: Will it brake the network? or it is normal to make outbound like this, and make new outbound to overwrite for specific Hosts? No it shouldn't. Your new rules only apply to that one client. Everything else goes out the default WAN as per usual. Test it and see if there are problems.

simple solution would to just be a source nat. Outbound nat on your iot interface that nats traffic to your pfsense iot interface IP. Now this devices thinks any traffic be it coming from an openvpn connection, or even your lan thinks its coming from pfsense iot IP which is in your iot network.

@SteveITS Hi Steve, I followed your advice, reset all the rules and following the following link, redid the rules, All working! thanks to the availability! https://www.3cx.com/docs/pfsense-firewall/

@kom It's gone from clipboard and logs now. I removed it initially to not expose public ip. The real question is what I did to make it work because I was using port 5761 until just recently reverted back to port 5760.

How would 10.41.1.1 ever see your public IP as source? Other than the IP to create the vpn tunnel. Traffic inside the tunnel would look likes its coming from whatever pfsense gets for its tunnel IP after creating the vpn. For you to use your downstream network like that - would have to be setup. the network on the other side of the vpn would have to know to route traffic down the tunnel to get to your 10.36.45 network.. So your natting on pfsense to this 172.21.36.2 address now? If you don't you have the ubnt setup to route this traffic via your transit?