Netgate Discussion Forum

    Hardcoded IP address redirection

      JKnott @viragomann

      @viragomann said in Hardcoded IP address redirection:

      Then just add a simple NAT rule to the LAN, translating the destination address in packets meant to 5.6.7.8 to the IP of the replacement server.

      No need for NAT. This is just basic routing.

      Incidentally, this illustrates the nonsense that comes about with the IPv4 address shortage and use of NAT. People now assume it's the normal way of doing things, rather than recognizing the hack that it is.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

        shawty @JKnott

        @JKnott Create the VLAN on Hyper-V or on pfSense (as @viragomann suggested)?

        When you say create a route, I assume you mean in pfSense at "System->Routing"?

        Thanks
        Shawty

          JKnott @shawty

          @shawty said in Hardcoded IP address redirection:

          @viragomann Ah.. great, found it :-) Thanks.

          That takes care of the pfSense end. You still have to worry about the VM. The configuration there is pretty much the same as for any other computer, except that you now have 2 interfaces to worry about. One is the basic LAN and the other the VLAN. If you want to use both, you'll have to configure the switch port as a trunk, rather than access port, so that both are passed. Then configure the VM to use the VLAN interface.

            viragomann @JKnott

            @JKnott said in Hardcoded IP address redirection:

            No need for NAT. This is just basic routing.
            Incidentally, this illustrates the nonsense that comes about with the IPv4 address shortage and use of NAT. People now assume it's the normal way of doing things, rather than recognizing the hack that it is.

            Both methods will work. If he gives the server a private IP, NAT is the way to go, otherwise he has to use public IPs internally, which is not recommended on other sites.

              shawty @shawty

              By the way all, sorry if I'm drawing this out, but I genuinely don't know my way round pfSense, I understand networking theory and all that jazz.

              My networking skills are in the GSM & Mobile telephony space with things like GTP and SS7, I'm more used to sitting at an iOS command line on a Cisco switch than I am in the world of pfSense :-)

                JKnott @shawty

                @shawty said in Hardcoded IP address redirection:

                @JKnott Create the VLAN on Hyper-V or on pfSense (as @viragomann suggested)?

                When you say create a route, I assume you mean in pfSense at "System->Routing"?

                Yes, that's where it's done. You create the route to the network, where the server is. There is also the Static Routes page to configure.

                  JKnott @viragomann

                  @viragomann said in Hardcoded IP address redirection:

                  Both methods will work. If he gives the server a private IP, NAT is the way to go, otherwise he has to use public IPs internally, which is not recommended on other sites.

                  He said it's a hard coded IP, which means it will be a public address. He has to create a network where that IP can exist and then route to it. Yes, I know he shouldn't be using a public address that's not his, but there's no other choice. That's why I said to make that network as small as possible.

                    JKnott @shawty

                    @shawty said in Hardcoded IP address redirection:

                    I'm more used to sitting at an iOS command line on a Cisco switch

                    Someone should rap your knuckles for that. Cisco switches are not made by Apple! It's IOS, not iOS. 😉

                      shawty @JKnott

                      @JKnott ok so let me just make sure I've got this right.

                      1. In pfSense, create a vlan using "interfaces>assignments->vlans"
                      2. in hyper-v set up my virtual server to have an ip address EG: 10.0.0.1
                      3. in hyper-v server create a virtual switch and set its network to be something like 10.0.0.1/30 and give it a vlan tag
                      4. in pfSense create a route to go from 5.6.7.8 to 10.0.0.1 using "system->routing"
                      5. in pfSense create a static route to go from 5.6.7.8 to 10.0.0.1 using (I've yet to find the static route menu)

                      ???

                      Cheers
                      shawty

                        viragomann @JKnott

                        @JKnott said in Hardcoded IP address redirection:

                        He said it's a hard coded IP, which means it will be a public address. He has to create a network where that IP can exist and then route to it.

                        There's no reason why it shouldn't work with a private IP and NAT.
                        The responding machine sends its request to the origin public address, pfSense forwards the request to the internal IP. When the internal server responds, pfSense translates the source IP back to the origin public.
                        The requesting machine won't notice that the request comes from an internal server.
                        Realized several times.

                          shawty @JKnott

                          @JKnott

                          @JKnott said in Hardcoded IP address redirection:

                          @shawty said in Hardcoded IP address redirection:

                          I'm more used to sitting at an iOS command line on a Cisco switch

                          Someone should rap your knuckles for that. Cisco switches are not made by Apple! It's IOS, not iOS. 😉

                          Sorry :-( LOL.... I'll consider my knuckles rapped (For what it's worth I have a similar aversion to fruit based technology, imagine the reply my boss got when I was told they were going to train me on blackberry servers)

                            JKnott @viragomann

                            @viragomann said in Hardcoded IP address redirection:

                            There's no reason why it shouldn't work with a private IP and NAT.

                            Does pfSense support LAN to LAN NAT?

                              JKnott @shawty

                              @shawty said in Hardcoded IP address redirection:

                              I'll consider my knuckles rapped (For what it's worth I have a similar aversion to fruit based technology, imagine the reply my boss got when I was told they were going to train me on blackberry servers)

                              I'm allergic to Apple gear. 😉

                                shawty @viragomann

                                @viragomann said in Hardcoded IP address redirection:

                                @JKnott said in Hardcoded IP address redirection:

                                He said it's a hard coded IP, which means it will be a public address. He has to create a network where that IP can exist and then route to it.

                                There's no reason why it shouldn't work with a private IP and NAT.
                                The responding machine sends its request to the origin public address, pfSense forwards the request to the internal IP. When the internal server responds, pfSense translates the source IP back to the origin public.
                                The requesting machine won't notice that the request comes from an internal server.
                                Realized several times.

                                Sorry, been reading, didn't notice this reply:

                                So are you saying that I don't actually need Vlans here then? Let's say:

                                Device = 192.168.17.140 tries to connect to 5.6.7.8
                                pfSense-LAN = 192.168.17.3
                                pfSense-WAN = 1.2.3.4
                                NEW-Server = 10.0.0.1

                                Can I then just set up a NAT rule, on the pfSense LAN interface that says (Make any IP that's equal to 5.6.7.8 become equal to 10.0.0.1) along with a corresponding LAN rule that does the reverse, and not configure any Vlans anywhere at all?

                                  JKnott @shawty

                                  @shawty said in Hardcoded IP address redirection:

                                  @JKnott ok so let me just make sure I've got this right.

                                  1. In pfSense, create a vlan using "interfaces>assignments->vlans"
                                  2. in hyper-v set up my virtual server to have an ip address EG: 10.0.0.1
                                  3. in hyper-v server create a virtual switch and set its network to be something like 10.0.0.1/30 and give it a vlan tag
                                  4. in pfSense create a route to go from 5.6.7.8 to 10.0.0.1 using "system->routing"
                                  5. in pfSense create a static route to go from 5.6.7.8 to 10.0.0.1 using (I've yet to find the static route menu)

                                  ???

                                  That's the general idea. I find the best way to learn something is to try it and then ask here if any issues turn up.

                                    shawty @JKnott

                                    @JKnott Yea I find that too, but in this case I have to be careful I don't kill the pfSense setup as I have other users who rely on its connectivity too, I also have some public facing sites of my own that are forwarded from WAN -> LAN accessible to some of my clients, so I've got to tread a little carefully here :-)

                                    I'm currently reading a load of different posts on different aspects of pfSense.

                                    Cheers
                                    Shawty

                                      viragomann @JKnott

                                      @JKnott said in Hardcoded IP address redirection:

                                      Does pfSense support LAN to LAN NAT?

                                      No, but you can NAT between different internal interfaces like LAN1 <> LAN2.

                                        viragomann @shawty

                                        @shawty said in Hardcoded IP address redirection:

                                        So are you saying that I don't actually need Vlans here then?

                                        You need VLAN anyway. NAT only works between different networks.

                                        S 1 Reply Last reply Reply Quote 0
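
The point made in the replies above (destination NAT for 5.6.7.8 only works when the replacement server sits on a different network from the device) can be traced packet by packet. This is an added example, not code from any poster or from pfSense; the addresses 5.6.7.8, 192.168.17.140 and 10.0.0.1 come from the thread, while 10.0.0.0/30 as the VLAN network and 192.168.17.50 as a same-LAN server are assumptions made for the comparison.

```python
import ipaddress

HARDCODED = "5.6.7.8"       # address baked into the device (from the thread)
CLIENT = "192.168.17.140"   # device on the pfSense LAN (from the thread)


def reply_source_seen_by_client(server_ip, server_net):
    """Follow one request/reply through a destination-NAT rule on the firewall.

    Returns the source address the client sees on the reply packet.
    """
    server_net = ipaddress.ip_network(server_net)
    states = {}  # firewall state table: (client, real server) -> original dst

    # Request: 5.6.7.8 is not on the client's subnet, so the packet goes to
    # the default gateway (pfSense LAN), which rewrites the destination.
    request = {"src": CLIENT, "dst": HARDCODED}
    states[(request["src"], server_ip)] = request["dst"]
    request["dst"] = server_ip

    # Reply: the server answers the address it saw as the source.
    reply = {"src": server_ip, "dst": request["src"]}
    on_link = ipaddress.ip_address(reply["dst"]) in server_net
    if not on_link:
        # Different network: the reply is routed back through the firewall,
        # which finds the state entry and restores the original address.
        reply["src"] = states[(reply["dst"], reply["src"])]
    # Same network: the server delivers straight to the client at layer 2,
    # the firewall never sees the reply, and nothing is rewritten.
    return reply["src"]


def connection_works(server_ip, server_net):
    # The client only accepts a reply from the address it contacted.
    return reply_source_seen_by_client(server_ip, server_net) == HARDCODED


if __name__ == "__main__":
    cases = [
        ("10.0.0.1", "10.0.0.0/30"),            # server on its own VLAN
        ("192.168.17.50", "192.168.17.0/24"),   # constructed: server on the LAN
    ]
    for ip, net in cases:
        seen = reply_source_seen_by_client(ip, net)
        print(f"server {ip} in {net}: reply from {seen}, "
              f"works={connection_works(ip, net)}")
```
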
                                          shawty @viragomann

                                          @viragomann said in Hardcoded IP address redirection:

                                          @shawty said in Hardcoded IP address redirection:

                                          So are you saying that I don't actually need Vlans here then?

                                          You need VLAN anyway. NAT only works between different networks.

                                          Question: Can I make one interface on pfSense have 2 different IP addresses? For example in the Windows machine I type this on, I only have one physical NIC, but I have an address in the 192.168.17.0/24 network and an address in the 192.168.40.0/24 network on it (The lights out controllers for my servers are all in the 40 subnet)

                                            JKnott @viragomann

                                            @viragomann said in Hardcoded IP address redirection:

                                            No, but you can NAT between different internal interfaces like LAN1 <> LAN2.

                                            Then you're back to basic routing with no need for NAT.

                                            NAT has become a curse on networking, because so many think it's the normal or even proper way to do things. Why use it, when it's not necessary, as in this case???

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.