Netgate Discussion Forum
    1:1 NAT to VLAN IP or Port Forward?

    NAT
    Technyne

      I think I'm just missing something here, I can't seem to get a secondary IP from our public /28 to NAT to a VLAN IP.

      I've tried to create the IP as a VIP, use direct 1:1, use the port forwarding etc…

      I have the WAN configured on 50.xxx.xxx.85 /28

      I need to port forward or 1:1 the public 50.xxx.xxx.86 to VLAN100 Internal IP 192.168.100.11 for HTTP traffic.

      Does anyone have a step by step?

      Physical Interface em1 has LAN on it, along with VLANS if that matters.

      Thank you in advance for your time!

      Metu69salemi

        As a hint in the beginning, you can use aliases to ease out your struggle.

        1. Phase: Create Virtual IP, type IP Alias
        Go to Firewall: Virtual IPs and press +
        Choose IP Alias
        Interface: WAN
        IP Address: 50.x.x.85 /32
        Description: as you like

        2. Phase: Create Port Forward
        Go to Firewall: NAT: Port Forward and press +
        Interface: WAN
        Protocol: as you need, most likely TCP or TCP/UDP
        Destination: 50.x.x.85
        Destination port range: HTTP (or if you need HTTP and HTTPS you could do a port alias; I also added other ports needed, such as SSH)
        Redirect target IP: 192.168.100.11
        Redirect target port: 80 or that same alias as earlier
        Description: as you like
        All the other settings are default

        3. Phase: Create Manual Outbound NAT
        Go to Firewall: NAT: Outbound, choose Manual and save after that
        Press +
        Interface: WAN
        Protocol: Any
        Source: Type: Network / Address: 192.168.100.11 /32
        Source port: Empty
        Destination: Any
        Translation: 50.x.x.85
        Port: Empty
        Description: as you like

        4. Phase: Move your just-created MON rule to the first of the list and apply changes

        After those, just save everything and apply changes. Remember to reset states.
        You should be covered. If you do these with aliases, you can change the public IP quite, if you doubt that IP is in use or it doesn't work.

        Technyne

          @Metu69salemi:

          As a hint in the beginning, you can use aliases to ease out your struggle.

          1. Phase: Create Virtual IP, type IP Alias
          Go to Firewall: Virtual IPs and press +
          Choose IP Alias
          Interface: WAN
          IP Address: 50.x.x.85 /32
          Description: as you like

          2. Phase: Create Port Forward
          Go to Firewall: NAT: Port Forward and press +
          Interface: WAN
          Protocol: as you need, most likely TCP or TCP/UDP
          Destination: 50.x.x.85
          Destination port range: HTTP (or if you need HTTP and HTTPS you could do a port alias; I also added other ports needed, such as SSH)
          Redirect target IP: 192.168.100.11
          Redirect target port: 80 or that same alias as earlier
          Description: as you like
          All the other settings are default

          3. Phase: Create Manual Outbound NAT
          Go to Firewall: NAT: Outbound, choose Manual and save after that
          Press +
          Interface: WAN
          Protocol: Any
          Source: Type: Network / Address: 192.168.100.11 /32
          Source port: Empty
          Destination: Any
          Translation: 50.x.x.85
          Port: Empty
          Description: as you like

          4. Phase: Move your just-created MON rule to the first of the list and apply changes

          After those, just save everything and apply changes. Remember to reset states.
          You should be covered. If you do these with aliases, you can change the public IP quite, if you doubt that IP is in use or it doesn't work.

          I have a question: the .85 IP is already in use on WAN, and I'm attempting to use the .86. Is this still the correct way to go?

          I have done this exactly as shown here for the .86 and reset the state table, but I still cannot access the machine. I have confirmed I can access the .100.11 from inside.

          Thanks,
          Davin

            Metu69salemi

            Try with .87 if .86 doesn't work; your modem might use it.

            And it will work with .85 if you don't have any use for HTTP/HTTPS on the public IP for firewall management or in another system.

              Technyne

              @Metu69salemi:

              Try with .87 if .86 doesn't work; your modem might use it.

              And it will work with .85 if you don't have any use for HTTP/HTTPS on the public IP for firewall management or in another system.

              Hi,

              I am certain .86 is not in use; we have a /28 with .81 as the gateway. For the .85 I have port forwards in use already. The only IPs in use on this block are the .85 and .82; I need to assign forwards for .84 and .86.

              Any other options I can try?

              Thank you for your help!

                Metu69salemi

                Reboot :D
                Can your firewall ping your server?

                  Technyne

                  @Metu69salemi:

                  Reboot :D
                  Can your firewall ping your server?

                  Rebooted, no change. Can ping from the pfSense ping tool.

                  Ping output:
                  
                  PING 192.168.100.11 (192.168.100.11) from 192.168.15.1: 56 data bytes
                  64 bytes from 192.168.100.11: icmp_seq=0 ttl=128 time=0.331 ms
                  64 bytes from 192.168.100.11: icmp_seq=1 ttl=128 time=0.226 ms
                  64 bytes from 192.168.100.11: icmp_seq=2 ttl=128 time=0.223 ms
                  64 bytes from 192.168.100.11: icmp_seq=3 ttl=128 time=0.233 ms
                  
                  --- 192.168.100.11 ping statistics ---
                  4 packets transmitted, 4 packets received, 0.0% packet loss
                  round-trip min/avg/max/stddev = 0.223/0.253/0.331/0.045 ms

                    Metu69salemi

                    Then I must raise my hands; I don't know what the problem is. Sorry.

                      madboots

                      Metu69salemi - Thanks, your instructions helped me out.

                        Metu69salemi

                        That's nice to hear.

                        And what is the OP's situation?

                          Technyne

                          Resolved, your instructions were correct. It turned out to be that the server in question did not have the correct gateway assigned. Thanks for your help!

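The four-phase setup Metu69salemi posted and the thread's eventual root cause (the server had the wrong default gateway), as an added example in Python. This is constructed code, not from the thread, pfSense or Netgate: it checks a plan like the one above for the mistakes the thread touches (alias outside the WAN block, alias colliding with the gateway or the WAN address, target outside the VLAN, server gateway not pointing at the firewall) and renders the pf translation rules the port forward and manual outbound NAT entries amount to. The 198.51.100.80/28 block stands in for the masked 50.xxx.xxx.x block; the VLAN100 mask (/24) and the firewall's VLAN100 address (192.168.100.1) are assumptions the thread never states.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class ForwardPlan:
    """One public IP alias forwarded to one internal host plus the matching
    outbound NAT. Comments say where each value comes from."""
    wan_network: str      # WAN block; constructed stand-in for the masked 50.xxx.xxx.x/28
    wan_gateway: str      # upstream gateway, .81 in the thread
    wan_if_ip: str        # address on the WAN interface itself, .85
    in_use: frozenset     # public IPs already claimed elsewhere (.82 and .85)
    vip: str              # IP alias to create, .86
    dst_port: int         # public port (80 for HTTP)
    target_ip: str        # redirect target, 192.168.100.11
    target_port: int      # port on the target
    vlan_network: str     # VLAN100 subnet; the /24 mask is an assumption
    vlan_if_ip: str       # firewall's VLAN100 address; 192.168.100.1 is an assumption
    server_gateway: str   # default gateway configured on the server


def check_plan(plan: ForwardPlan) -> list:
    """Return human-readable problems; an empty list means the plan is consistent."""
    problems = []
    wan = ipaddress.ip_network(plan.wan_network, strict=False)
    vip = ipaddress.ip_address(plan.vip)
    if vip not in wan:
        problems.append(f"{plan.vip} is outside the WAN block {wan}")
    elif vip in (wan.network_address, wan.broadcast_address):
        problems.append(f"{plan.vip} is the network or broadcast address of {wan}")
    if vip == ipaddress.ip_address(plan.wan_gateway):
        problems.append(f"{plan.vip} is the upstream gateway")
    if vip == ipaddress.ip_address(plan.wan_if_ip):
        problems.append(f"{plan.vip} is already the WAN interface address; "
                        "a forward there competes with services on the firewall itself")
    if plan.vip in plan.in_use:
        problems.append(f"{plan.vip} is already assigned elsewhere")
    vlan = ipaddress.ip_network(plan.vlan_network, strict=False)
    if ipaddress.ip_address(plan.target_ip) not in vlan:
        problems.append(f"redirect target {plan.target_ip} is not in {vlan}")
    if ipaddress.ip_address(plan.vlan_if_ip) not in vlan:
        problems.append(f"firewall VLAN address {plan.vlan_if_ip} is not in {vlan}")
    if ipaddress.ip_address(plan.server_gateway) != ipaddress.ip_address(plan.vlan_if_ip):
        # The thread's root cause: forwarded packets reach the server, but its
        # replies leave via another gateway and never pass back through pfSense.
        problems.append(
            f"server gateway {plan.server_gateway} is not the firewall's VLAN address "
            f"{plan.vlan_if_ip}: replies to forwarded connections will not return through pfSense")
    return problems


def pf_rules(plan: ForwardPlan) -> str:
    """Render the port forward and the manual outbound NAT as pf translation rules.
    pf evaluates translation rules first-match, which is why step 4 of the thread
    moves the host-specific outbound rule to the top of the list."""
    return "\n".join([
        f"rdr on wan proto tcp from any to {plan.vip} port {plan.dst_port} "
        f"-> {plan.target_ip} port {plan.target_port}",
        f"nat on wan from {plan.target_ip} to any -> {plan.vip}",
    ])


# Constructed values mirroring the thread; 198.51.100.0/24 (RFC 5737 documentation
# space) stands in for the masked public block.
BROKEN_PLAN = ForwardPlan(
    wan_network="198.51.100.80/28", wan_gateway="198.51.100.81",
    wan_if_ip="198.51.100.85", in_use=frozenset({"198.51.100.82", "198.51.100.85"}),
    vip="198.51.100.86", dst_port=80,
    target_ip="192.168.100.11", target_port=80,
    vlan_network="192.168.100.0/24", vlan_if_ip="192.168.100.1",
    server_gateway="192.168.15.1",   # wrong gateway: the LAN address seen in the ping output
)
FIXED_PLAN = replace(BROKEN_PLAN, server_gateway="192.168.100.1")
CLASH_PLAN = replace(FIXED_PLAN, vip="198.51.100.85")   # forwarding on the WAN address itself

if __name__ == "__main__":
    for name, plan in (("broken", BROKEN_PLAN), ("fixed", FIXED_PLAN), ("clash", CLASH_PLAN)):
        print(name, check_plan(plan) or "ok")
    print(pf_rules(FIXED_PLAN))
```

Run it as a script to see the gateway problem reported for the broken plan, nothing for the fixed one, and the two rdr/nat lines; the check is deliberately offline, so it validates the plan you are about to enter rather than the firewall's live state.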
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.