1:1 NAT Help
-
I set up a pfSense box so that I could route multiple IP addresses to different servers that I am running. I get both of the IP addresses from the same cable router and a switch between the NIC cards. I have one of the servers working using port forwarding. Well, almost working. FTP is acting up.
How do I set up NAT? There are no good tutorials that I have found. I should also add that these are DHCP IPs.
-
And what is your question?
(How do you test what? What do you expect, what do you get?)
-
What value do you put for internal and external subnet in the NAT 1:1 screen? Do I need to create a virtual IP so that I can forward it to that one machine? I guess that I am asking where do I begin?
-
Any help here?
-
Do you have multiple dynamic IPs or static IPs?
Do you have just these 2 public IPs which are in your diagram?
Unless you have a whole range of IPs you don't need VIPs.
VIPs are only needed if you have more IPs than physical interfaces.
In your case I honestly would not use 1:1 NAT.
1:1 NAT is usually used if you want to expose a really big range of ports of a server to the internet.
Also you cannot use 1:1 NAT with your primary WAN (for obvious reasons like the webGUI is already running on that).
IMO the best solution is to use aliases for the ports you want to forward, and just use normal port forwards.
Have you tried to do that?
It's just straightforward: Add alias, add NAT rule with alias, done.
If you have multiple IPs you might have to add advanced outbound NAT rules to be able to route outbound traffic from the servers over their respective IP.
-
I only have two IPs both are dynamic.
I am using port forwarding for the primary WAN already. I was not sure how to route the traffic on the second server to make sure that it gets the correct IP. Are there any good tutorials for this?
-
What exactly do you mean with
"I was not sure how to route the traffic on the second server to make sure that it gets the correct IP"?
Do you want to know how to set up the pfSense, so traffic from the second server appears as if from the second IP?
Or do you mean: that if a request from the second IP arrives, the answer leaves via the correct interface?
Answers to inbound requests to the second IP will always leave via the correct interface.
For outbound traffic go to:
firewall --> NAT --> outbound and select "manual outbound rule generation".
Below, a rule should be autocreated for the primary WAN.
Create your own rule above this default rule with your server IP (x.x.x.x/32) as source and the IP of your second interface as NAT-IP.