Netgate Discussion Forum

    DMZ: different Servers / different external IPs

    • LeMa

      dear community,
      replacing my good old IPCop (sigh) with a new firewall i have a question, my wording can be bad because i'm used to Cop still and i'm totally new to pfSense and this is definitely another league.

      in my DMZ there are 3 Servers: 10.10.0.1, 10.10.0.2 and 10.10.0.3.
      I have 5 static external IPs from my provider, i call them x.y.z.1 - x.y.z.5
      Now - for example - i want 10.10.0.1 seen as x.y.z.3 from outside and 10.10.0.2 and 10.10.0.3 as x.y.z.5

      I made aliases for all (the servers as well as the external IPs).

      Now how does that work with pfSense? Do i need a 1:1 NAT? An Outbound NAT?
      :-)
      thx for your help.

      • LeMa

        maybe my description sounded too complicated, basically it's simply a SNAT question.
        the servers are reached over port-forwarding of course, so multiple port 80s go to different servers in my DMZ.

        now i want some servers in my DMZ to use specific static WAN IPs to go outside. that's the question above.

        • phil.davis

          You should be able to use Outbound NAT for that - switch to Manual Outbound NAT and add rules on WAN for traffic from a particular server IP/s to be NAT'd to the public IP that you want it to be. The rules are processed top-down, so you will need to put your specific rules before the more general ones that NAT whole subnets to WAN IP.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
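
Added example (not part of phil.davis's post and not pfSense code): a small Python model of the top-down, first-match ordering described above, with a check that flags specific rules shadowed by an earlier subnet rule. It matches on source address only; the rule lists and the 203.0.113.x addresses standing in for the thread's x.y.z.N are constructed.

```python
# Added example: model of top-down, first-match Outbound NAT evaluation.
# Addresses are constructed: 10.10.0.0/24 stands for the DMZ, 203.0.113.x
# (documentation range) stands in for the thread's x.y.z.N public IPs.
from ipaddress import ip_address, ip_network

SPECIFIC_FIRST = [
    ("10.10.0.1/32", "203.0.113.3"),   # server 1 -> x.y.z.3
    ("10.10.0.2/32", "203.0.113.5"),   # server 2 -> x.y.z.5
    ("10.10.0.3/32", "203.0.113.5"),   # server 3 -> x.y.z.5
    ("10.10.0.0/24", "203.0.113.98"),  # rest of DMZ -> WAN interface address
]
# Same rules with the general subnet rule moved to the top (misordered).
GENERAL_FIRST = [SPECIFIC_FIRST[-1]] + SPECIFIC_FIRST[:-1]


def translate(rules, src):
    """Return the public address chosen for src; the first matching rule wins."""
    for source_net, nat_addr in rules:
        if ip_address(src) in ip_network(source_net):
            return nat_addr
    return None  # no rule matched: traffic leaves untranslated


def shadowed(rules):
    """List rules that can never match because an earlier rule covers their source."""
    dead = []
    for i, (net, addr) in enumerate(rules):
        for earlier_net, _ in rules[:i]:
            if ip_network(net).subnet_of(ip_network(earlier_net)):
                dead.append((net, addr, earlier_net))
                break
    return dead


if __name__ == "__main__":
    for name, rules in (("specific first", SPECIFIC_FIRST),
                        ("general first", GENERAL_FIRST)):
        print(name)
        for server in ("10.10.0.1", "10.10.0.2", "10.10.0.3", "10.10.0.50"):
            print(f"  {server} -> {translate(rules, server)}")
        for net, addr, by in shadowed(rules):
            print(f"  shadowed: {net} -> {addr} never matches (covered by {by})")
```

With the subnet rule on top, every DMZ server leaves with the WAN interface address and all three per-server rules are reported as shadowed.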

          • esink

            If it's a DMZ server I would just use 1:1 NAT for those servers. Then all traffic destined for x.y.z.1 would go to 10.10.0.1. Outbound NAT requires a lot more rules and settings and is port specific and such. He said DMZ so to me that means all ports open and let the box's OS firewall take care of things.

            /esink

            • LeMa

              thanks for the answers. i'll choose the outbound NAT because i think the firewall's work should be done by the firewall ;)

              question:
              i made aliases for my static WAN IPs. do i need to tell pfSense somewhere that they belong to the WAN interface?
              the WAN interface has IP like x.y.z.98, the rest are 99-102 (97 is my gateway which is in the WAN interface configuration)
