Netgate Discussion Forum
    Static /29 subnet WAN --> Multi-LAN NAT Config howto?

    • jaubine

      I'm seeing lots of examples on the forums of how to do 1:1 NAT relationships between multiple WAN IPs to specific LAN side hosts, but I'm having a bit of trouble finding configuration guidance / examples of how to NAT entire LAN subnets to multiple individual static WAN IPs through a pfSense or M0n0 system. I can do this through a Cisco 2611, or just as easily (and more simply) hang individual routers off each public IP, but I'd like the added functionality of implementing a captive portal on one of the networks, VPN on another, traffic shaping on the whole lot, and some inter-network routing.

      I would like to setup the following:

      WAN                                LAN
      ----------------------------------------
      a.b.c.21/29 --> NAT <-- 192.168.21.0/24 (VLAN 21)
      a.b.c.22/29 --> NAT <-- 192.168.22.0/24 (VLAN 22)
      a.b.c.23/29 --> NAT <-- 192.168.23.0/24 (VLAN 23)
      a.b.c.24/29 --> NAT <-- 192.168.24.0/24 (VLAN 24)
      a.b.c.25/29 --> NAT <-- 192.168.25.0/24 (VLAN 25)
      (and so on..)

      I'd be doing this on a Soekris box, ideally using a single WAN interface (since all the WAN-side IPs are on the same GW), and a single LAN-side interface to a L2 switch using VLANs to separate out the separate networks. Maybe perhaps using an OPT1 interface to a DMZ'ed network. I'm guessing there's the need to set up VIPs on the WAN side to account for all of the public IPs, but I can't seem to figure out the NAT translations to the internal networks. I looked at the Multi-WAN howto doc as well, and it didn't seem clear enough for the purpose I'm trying to implement.

      Anyhow, not sure if this request should have been posted in the Multi-WAN/Routing or in the NAT forum, but if anyone's interested in helping me out with a somewhat guided tour of how to set this up, I'd be happy to write up a final howto doc to post on the wiki...

      • GruensFroeschli

        First create Virtual IPs for all the additional IPs you have on the WAN.
        You should probably use CARP VIPs here.

        Enable advanced outbound NAT
        Firewall --> NAT --> Outbound

        Now you can create a rule for each subnet and select as NAT-address the VIP.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
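
The mapping described in this thread, as an added example that is not part of either post or of pfSense itself: it checks a one-VIP-per-subnet plan against the WAN /29 and emits an illustrative pf-style `nat on` line for each LAN subnet. The 203.0.113.16/29 block, the gateway address, the `$WAN` macro and the function name are constructed assumptions.

```python
import ipaddress

def build_outbound_nat(wan_cidr, gateway, mappings, wan_if="$WAN"):
    """Validate (lan_cidr, vip) pairs and return one pf-style nat line per pair.

    Raises ValueError when a VIP is not a usable host in the WAN subnet
    (network, broadcast, gateway or outside the block), when a VIP is used
    twice, or when two LAN subnets overlap.
    """
    wan = ipaddress.ip_network(wan_cidr)
    # hosts() excludes the network and broadcast addresses of the /29.
    usable = set(wan.hosts()) - {ipaddress.ip_address(gateway)}
    seen_vips, seen_lans, rules = set(), [], []
    for lan_cidr, vip in mappings:
        lan = ipaddress.ip_network(lan_cidr)
        addr = ipaddress.ip_address(vip)
        if addr not in usable:
            raise ValueError(f"{addr} is not a usable host address in {wan}")
        if addr in seen_vips:
            # The plan in the thread is one public address per LAN subnet.
            raise ValueError(f"{addr} is assigned to more than one LAN subnet")
        clash = next((other for other in seen_lans if lan.overlaps(other)), None)
        if clash is not None:
            raise ValueError(f"{lan} overlaps {clash}")
        seen_vips.add(addr)
        seen_lans.append(lan)
        # Illustrative pf syntax: source subnet leaves the WAN as the VIP.
        rules.append(f"nat on {wan_if} from {lan} to any -> {addr}")
    return rules

# Constructed sample plan (documentation address space, not from the thread).
WAN_CIDR = "203.0.113.16/29"
GATEWAY = "203.0.113.17"
PLAN = [
    ("192.168.21.0/24", "203.0.113.18"),  # VLAN 21
    ("192.168.22.0/24", "203.0.113.19"),  # VLAN 22
    ("192.168.23.0/24", "203.0.113.20"),  # VLAN 23
]

if __name__ == "__main__":
    for line in build_outbound_nat(WAN_CIDR, GATEWAY, PLAN):
        print(line)
```

A VIP that falls outside the /29, or on its network or broadcast address, is rejected before any rule is produced, which is the planning mistake most likely to leave a subnet without working outbound NAT.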