Netgate Discussion Forum

    1 to 1 configuration issue

      xjobex

      Hello everybody, first of all here is what I am trying to achieve:

      I have a pfSense firewall (a CARP-based cluster to be more precise) with a public IP configured on the WAN interface, and communications / NAT to LAN work without problems. Now I configured a second public IP on the same WAN interface, and I want to map it 1:1 on a server that is on the LAN behind the pfSense firewall.

      I followed the documentation and configured a 1:1 NAT, and now the server on the LAN is correctly reachable from the internet, but I have two issues:

      • Connections (e.g. on the Apache web server, or SSH) from the internet are always seen as coming from the pfSense firewall LAN IP in the logs; I do not see public IPs in the log files.
      • If from the server itself I try to access the public IP NATted on the server, the pfSense web interface appears, and the same happens with SSH. I add an example:
        LAN IP: root@serverLAN: ssh root@192.168.1.2 -> I correctly connect to the LAN server
        WAN IP mapped 1-1: root@serverLAN: ssh root@212.23.XXX.XXX -> I connect to pfSense and not to the LAN server

      As far as I understood, I need to enable NAT reflection, so I followed this documentation: https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html, but I did not manage to solve the problem. What am I doing wrong? Is it possible to achieve what I am trying to do?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.