Access local servers using the public NAT 1:1 address behind LAN

mvanniek

Good day. Firstly as with many other people I would like to say “I am clueless”, so apologies for stupid questions and setup!

We want to use pfsense primarily for NAT purposes, and route external traffic to specific internal server ip’s.
As background our servers currently have dedicated IP’s but over 3 subnets! We can’t do anything about this….
We have installed the 2.3.3 amd64 on a VM with two NIC’s assigned to the Virtual Switch Manager in Hyper-V.

1. So we want to give all the servers in the DC the same subnet, i.e. 10.0.0.x
2. We then want to route the external traffic to the correct internal IP, so NAT 1:1. (So 129.198.200 to 10.0.0.100)
3. We also need the internal server to transmit the external IP not the 10.0.0.100 but the 129.232.198.200.
4. Lastly we need the servers on the LAN to see each other using both the 10.0.0.x and the external IP’s.

Externally I have 3 subnet 129.232.198 / 129.232.157 / 129.232.200
We allowed all traffic on IP4 and IP6 in and outbound on PFSENSE firewall rules.

1. So I have managed to do 1 by adding additional IP’s to the servers i.e. 10.0.0.100.
2. Also managed no 2 by routing the external traffic requested to 129.232.198.200 to 10.0.0.100 using 1:1 NAT. Made the gateway of the servers the firewall. And externally I can now open a website on the correct server.
3. 3 Just seems to work when I asked GOOGLE for my current IP on that server it said 129.232.198.200. So good right?
4. BUT I cannot get 129.232.198.200 to see 129.232.157.170 or 129.232.200.200 and vice versa. The requests for say web or ping all just open the firewall.

We would like the servers on LAN to see each other using the IP or FQDN or DNS names if possible!!

So after reading it sounds like I need a VLAN and perhaps DNS…
Attached is a bit of a network diagram to visualize the detail above..
Please can someone give me some pointers/help, especially on point 4?

mvanniek

Sorry guys any help would be great please?