Help Nat alias /24
-
Hello, I have a rang of valid ips /24, and was wondering if there as my internal lan out with these ips valid on the Internet? type, making a nat 1: 1 in the DMZ to few machines, as are many more is unfeasible to make a nat 1: 1, there is some solution in pfsense that allow me to do this with a / 24 whole without making one by one ??
grateful for the attention
-
I am not entirely sure I follow what you are asking.
Individual 1:1 NAT statements are called 1:1 for a reason. You can't alias or range 1:1 NAT. If you really felt the need to create 255 1:1 NAT statements for the entire /24, I guess you could always try entering that into the config via the command line.
You can setup a NAT pool and have your LAN use a range of IPs either as round robin or sticky NAT for outbound NAT to the internet.
-
You can do a 1:1 NAT from a private /24 to a public /24, with a single 1:1 NAT entry, if that's what you mean.
-
Oh, I didn't know that. Cool. You learn something new every day. :P
-
You can also do a longer subnet to only 1:1 a portion of the /24 right?
Like a /27 on 30.40.50.128 so 30.40.50.128 - 30.40.50.159 would be mapped to 192.168.1.128 - 192.168.1.159 ??
-
You can also do a longer subnet to only 1:1 a portion of the /24 right?
Like a /27 on 30.40.50.128 so 30.40.50.128 - 30.40.50.159 would be mapped to 192.168.1.128 - 192.168.1.159 ??
Yep, any subnet size is doable. Network address doesn't have to match between them either, just has to be the same size subnet. So 30.40.50.128/27 - 192.168.1.0/27 is doable too.
-
I thought they had to match. Learned something new today.