NAT to address range
-
Hello everybody,
I have the situation below:
LAN (x.x.x.x) --------pfsense (192.168.10.1)---------WAN (192.168.10.0)
I want to translate every address coming from the LAN to the WAN interface into an address from the WAN network 192.168.10.0/24.
For the test, I used SharkWire on a network interface of a machine in the WAN (Pc2) to see the packets coming from an interface on the LAN (Pc1) when executing ping:
Pc1 (LAN) -------->ping------->Pc2 (WAN)
In Firewall : NAT : Outbound, I chose Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)).
This is my mapping:
1st case:
Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port
WAN | 172.16.0.0/17 | * | 192.168.10.0/24 | * | * (=Interface address) | * | NO
On the sharkwire, the ping command from Pc1 to Pc2 shows me packets coming from 192.168.10.1 to 192.168.10.x, so the mapping is fine; I've used the WAN interface address as the outgoing address for all addresses from the LAN.
2nd case:
Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port
WAN | 172.16.0.0/17 | * | 192.168.10.0/24 | * | 192.168.10.2 | * | NO
192.168.10.2 is a single-address virtual IP.
I could see packets really coming from x.x.x.x to the WAN as coming from 192.168.10.2, which is OK.
3rd case:
Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port
WAN | 172.16.0.0/17 | * | 192.168.10.0/24 | * | 192.168.10.0 | * | NO
In this case, I want addresses from the LAN to be translated into addresses from a range which I specify. When making virtual IP addresses, I have the choice to make single or network. I chose network and I specified the same network as the WAN, 192.168.10.0/24, but when sniffing the traffic between Pc1 and Pc2, the translation is made into 192.168.10.0 and 192.168.10.1, which is weird, and besides I can't use any address from this range anymore to assign it to any PC in the WAN; it keeps the whole address range. How can I do this?
Thanks in advance for your concern.
-
You cannot specify a range as NAT IP.
You will have to create as many NAT rules as you have Virtual IPs.
-
Thanks.
OK, but why do I have this option of network in the virtual IP address? It won't be practical to put as many rules as I have addresses.
Is it the same line in each mapping, with a difference just in the NAT address? Meaning:
Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port
WAN | 172.16.0.0/17 | * | 192.168.10.0/24 | * | 192.168.10.2 | * | NO
WAN | 172.16.0.0/17 | * | 192.168.10.0/24 | * | 192.168.10.3 | * | NO
WAN | 172.16.0.0/17 | * | 192.168.10.0/24 | * | 192.168.10.4 | * | NO
.
.
.
When I specify my network in the virtual IP and then return to edit the Virtual IP address, I find that it is a single address, which is confusing!!
-
You can specify ranges of VIPs only with PARP.
This can be useful if you want to 1:1 NAT map a whole range at once.
But usually you define the VIPs for such a usage the way you want them, as single IPs.
You also cannot use aliases in the Advanced Outbound NAT rules :(