Multi Wan IP and NAT. Routing traffic from LAN host
-
Hi
I have been looking for a solution for months, but none of the articles helped me.
Case:
I've got a dedicated server at Hetzner; this server also has an additional network with public IPs. On that server I've got KVM with a few virtual machines. On one of the VMs I've installed pfSense as firewall and gateway for all VMs.
I want to assign public IPs to some VMs. E.g. one of the VMs is a web and mail server. So using NAT I've assigned 1:1 public IP <> LAN IP.
And everything works fine. However, if a VM is connecting to some service on the internet, it's visible as using the main WAN IP, not the IP assigned to it. But I would like to use different IPs for outgoing traffic.
At this moment I've got:
incoming:
WAN
IP.A > host.A
IP.B > host.B
IP.C > Host.B
Outgoing:
Host.A > WAN
Host.B > WAN
Host.C > WAN
But I would like to have:
Host.A > IP.A
Host.B > IP.B
Host.C > IP.B
I've tried to manipulate the gateways but still nothing. At Hetzner I've got one GW for the main IP and one GW for the additional network. I've tried to use both, but I can't assign different GWs for each interface, or maybe I'm doing it wrong.
Is it possible to achieve that? Maybe my network configuration on dedicated server is wrong?! I don't know.
Thanks for any help
-
@kasproso
Basically that's what NAT 1:1 is meant to do.
However, you have to add the rules to WAN instead of internal interfaces at all.
-
@viragomann ok, thanks.
So am I doing it wrong?
If this is ok, how should the rule look? I was trying to figure it out, but maybe I'm not smart enough.
-
@kasproso
https://docs.netgate.com/pfsense/en/latest/nat/1-1.html#nat
NAT 1:1 does network address translation on both inbound and outbound traffic.
The interface you want to apply this to might be WAN rather than an internal interface, naturally.