Netgate Discussion Forum

    Complicated NAT Question

    • Kirloth

      Greetings,

      I am using 2.2.6 pfSense as my router/firewall.  I have two static IPs, which for the purposes of the question we'll say are 1.1.1.1 and 1.1.1.2.

      I want 99.9% of my network traffic to go out to the Internet as 1.1.1.1, but I would also like to NAT any and all traffic for my web server for 1.1.1.2.  I have a very heavy Cisco background, both in routers & firewalls, and I think it is proving more of a hindrance than a help in this situation.

      Can anyone please point me to some documentation about how to create this functionality in pfSense?  My searches seem to have turned up conflicting or unclear information.

      My thanks!

      • johnpoz LAYER 8 Global Moderator

        Are these public IPs on different connections or the same one?  So your wan on pfsense as 1.1.1.1, create a vip for 1.1.1.2 and forward traffic to your webserver via your vip.  And then on your outbound nat setup your webserver to use the vip for its outbound traffic.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • Kirloth

          Yes.  The IPs are both on the same connection.

          Thanks for your reply.

          Just to be sure I understand, I will:

          1. Create appropriate NAT and Firewall rules for Incoming from Virtual IP that point to the web server.
          2. Create an outbound NAT rule for my web server to use the Virtual IP.

          One other question:  Do I need to remove the auto-generated outbound NAT rules, or will my manual outbound NAT rule be prioritized over them?

          Once again, my thanks!

          • johnpoz LAYER 8 Global Moderator

            No, you do not need to remove the auto.  You need to make sure that the webserver talks back out the same IP it came in.

