NAT over lan
-
Good morning everyone,
internally (from a station 192.168.3.X I would like the traffic (all) to 172.xx.0.0 / 16 (external address) to be routed to the address (always internal) 192.168.30.XSomething that as a console I would have done
route add 172.xx.0.0 mask 255.255.0.0 192.168.30.X -pBut what at PFSENSE I don't know how to do.
I hypothesize a 1: 1 NAT but I don't find myself there. -
@freemaui-0 so pfsense has this 192.168.30 transit setup?
How does pfsense get to 192.168.30.x?
Set this as a gateway, and then create a route to for 17.x/16 to this IP.
-
I have multiple network interfaces (192.168.3.X / 24 and 192.168.30.X / 24) and each has a 192.168.X.254 interface gateway that rotates over the WAN.
The 192.168.3.X / 24 class can browse internally and externally, ONLY if it queries 172.xx.0.0 / 16 it must divert traffic to 192.168.30.num (a well-identified IP, which is an interface to a PLC).
I mostly have the self-generated rules from pfsense, so I wouldn't want to cause trouble.
-
@freemaui-0 if you want to get to 172 network via this 192.168.30.x address.. Just setup a gateway and then a route.
But if you have hosts on this 192.168.30 network your most likely going to run into asymmetrical traffic flow. This networks should be a transit network..
See how to do downstream routing via this drawing.
-
@johnpoz
Thank you for the quick answer, I study your scheme (even if I still chew these concepts a little).
I thought of a simple NAT or a firewall rule that "wildly" diverted a request / traffic to the 172 network to a static address I decided (192.168.30.X). I made it, conceptually, simpler. -
Nothing, I really ask you for a hand, I can't.
I do not want to generate "dirt" in the rules that autogenerate pfsense, but in the attempts made I have not been able to divert the traffic from the external IP to an internal IP :( -
@freemaui-0 said in NAT over lan:
a well-identified IP, which is an interface to a PLC).
So do these plcs have gateway set? For you to talk to devices in this 172 network, no matter how you get their from another network they would need to know the path to answer. Without a gateway back to pfsense for the source network or their default gateway.
You would not be able to to answer the 192. IP unless you did source natting.. A drawing of your network would be most helpful..
-
I update you, I actually rationalized the need ... the 192.168.30.x had to be the gateway for the 172 network, in this way the device that interfaces to the PLC network on 172 could actually route the traffic between the two networks . I really thank you for the speed and availability you gave me in your answers.
