NAT Port forward wrong source address
-
I would try something like this.
I would not expect it to work.
That protocol any in the screen shot should probably be protocol TCP but I don't think that has been specified by you.
![Browser Shot-2017-08-25-12-33-23.png](/public/imported_attachments/1/Browser Shot-2017-08-25-12-33-23.png)
-
"The only way these services can do this is to communicate via (WAN IP), so they can tell Client X they are there."
What? Makes no sense..
If your services require to be on a public - then put them on a public IP.. Do not try to run them behind a NAT..
-
> "The only way these services can do this is to communicate via (WAN IP), so they can tell Client X they are there."
> What? Makes no sense..
> If your services require to be on a public - then put them on a public IP.. Do not try to run them behind a NAT..

If I had a 2nd IP to do this with, I would. Unfortunately my ISP makes it prohibitively expensive to add another IP.
> I would try something like this.
> I would not expect it to work.
> That protocol any in the screen shot should probably be protocol TCP but I don't think that has been specified by you.

As you expected, it does not work.
-
> If I had a 2nd IP to do this with, I would. Unfortunately my ISP makes it prohibitively expensive to add another IP.

Sounds like you've got yourself painted into a corner there.
-
"I would. Unfortunately my ISP makes it prohibitively expensive to add another IP."
Get a different ISP… Move DC/Colo - put your VPS on a different cloud.. Run it on IPv6 ;) There are a bajillion options here vs trying to do something that is not meant to work in the first place.
-
Yeah you really should look to getting your /28 routed to you vs doing 1:1 Natting and such.. When an ISP just gives you a block like that it's really meant that all your devices will just be on that network vs behind another router.. If you want to run your router/firewall then you should ask for that /28 to be routed to you via a transit.. This could be a /29 as Derelict mentions or even a /30, etc.
Once this /28 is routed to you then you can do whatever.. Break it up into 2 /29 if you want.. Etc.. Cost you some IPs that way - but would allow you to assign a /29 to a specific customer.. behind pfsense.
-
> Yeah you really should look to getting your /28 routed to you vs doing 1:1 Natting and such.. When an ISP just gives you a block like that it's really meant that all your devices will just be on that network vs behind another router.. If you want to run your router/firewall then you should ask for that /28 to be routed to you via a transit.. This could be a /29 as Derelict mentions or even a /30, etc.
> Once this /28 is routed to you then you can do whatever.. Break it up into 2 /29 if you want.. Etc.. Cost you some IPs that way - but would allow you to assign a /29 to a specific customer.. behind pfsense.

I'll have to look into a business line again then, because that's the only way Charter will give statics.
-
> This could be a /29 as Derelict mentions or even a /30, etc.

I always recommend people ask for a /29 because:
1. It is ezpz to justify. Just tell them you need to do VRRP/CARP/HA.
2. Moar addresses is moar better.
-
Did threads get merged? Something is not right.. There was a thread about the NAT, and then there was a thread about /28.
-
Thankfully I've found a solution specific to this set of services. Thanks for the help! I'm locking this now.