Netgate Discussion Forum

    NATing when the destination address is in my subnet/IP space

    sparkman123

      Hello,

      I'm trying to do NAT port forwarding using a destination address in my subnet IP space which will then forward the traffic onto another network entirely but thus far have not been able to get it to work.

      To give some background, I have NATing working when the destination address is some random address, i.e.

      pfsense nat test ss.jpg

      (in this case, the 10.255.255.180 address is the "random" target addr)

      The address space for VLAN20 is defined as 172.16.1.0/24, with the DHCP reservations starting at 172.16.1.20. So if I were to make the dest address be something like 172.16.1.10, the NAT rule fails.

      I tried all the different NAT reflection settings (System default, NAT + Proxy, Pure NAT) but none of those worked either.

      Thanks in advance.

      kiokoman

        The NAT is OK: if, from VLAN20, something tries to hit 10.255.255.180 port 5555, it will be redirected to 192.168.177.1 port 6666.

        Now you need to check the associated firewall rule.
        Also, you need to be sure something is listening at port 6666.
        Maybe this 192.168.177.1 has its own firewall.

        Immagine.jpg

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        sparkman123 @kiokoman

          Thank you.

          @kiokoman said in NATing when the destination address is in my subnet/IP space:

          The NAT is OK: if, from VLAN20, something tries to hit 10.255.255.180 port 5555, it will be redirected to 192.168.177.1 port 6666.

          So that works just fine

          Now you need to check the associated firewall rule.
          Also, you need to be sure something is listening at port 6666.
          Maybe this 192.168.177.1 has its own firewall.

          Immagine.jpg

          I can confirm both that the firewall rule works and that the server 192.168.177.1 is listening.

          The NAT rule only fails if I change 10.255.255.180 to 192.168.1.10 which lies in the address space of VLAN20.

          Is there some other configuration change I need to make?

          viragomann @sparkman123

            @sparkman123 said in NATing when the destination address is in my subnet/IP space:

            So if I were to make the dest address be something like 172.16.1.10, the NAT rule fails.

            You have to add that IP to VLAN20 interface as type "IP alias" if you want to use it in the NAT rule.
            If it is not assigned to pfSense nothing will happen.

            kiokoman

              The NAT rule only fails if I change 10.255.255.180 to 192.168.1.10 which lies in the address space of VLAN20.

              This will never work.
              The traffic does not pass from pfSense if it lies on the same address space.
              If 192.168.1.2 tries to talk with 192.168.1.10, there are no rules or NAT that will work; they will talk directly to each other. You need to move that 192.168.1.10 to a dedicated VLAN interface.

                sparkman123 @viragomann

                @viragomann said in NATing when the destination address is in my subnet/IP space:

                @sparkman123 said in NATing when the destination address is in my subnet/IP space:

                So if I were to make the dest address be something like 172.16.1.10, the NAT rule fails.

                You have to add that IP to VLAN20 interface as type "IP alias" if you want to use it in the NAT rule.
                If it is not assigned to pfSense nothing will happen.

                Thanks. Using a virtual IP made this work.

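The outcome the thread arrives at, as an added example that is not part of the original posts: a small Python model of how a VLAN20 client delivers a packet, showing when pfSense ever sees the traffic and so when a port-forward rule can match. The function name, the reason strings and the pfSense interface address 172.16.1.1 are assumptions made for the illustration; the subnet and destination addresses are the ones quoted in the thread.

```python
import ipaddress

VLAN20 = "172.16.1.0/24"   # subnet from the thread
FW_IF = "172.16.1.1"       # assumed pfSense address on VLAN20 (not on the page)


def delivery(client_net, dest_ip, firewall_ips, other_hosts=()):
    """Model how a client in client_net delivers a packet to dest_ip.

    Returns (reaches_firewall, reason). A NAT port forward can only match
    when the packet actually reaches the firewall.
    """
    net = ipaddress.ip_network(client_net)
    dest = ipaddress.ip_address(dest_ip)
    fw = {ipaddress.ip_address(a) for a in firewall_ips}
    hosts = {ipaddress.ip_address(a) for a in other_hosts}

    if dest not in net:
        # Off-link destination: the frame goes to the default gateway,
        # assumed here to be pfSense, so the NAT rule is evaluated.
        return True, "routed via gateway"

    # On-link destination: the client ARPs for dest_ip itself and never
    # involves the gateway.
    if dest in fw:
        # pfSense owns the address (interface IP or IP alias), answers
        # the ARP request and receives the packet.
        return True, "firewall answers ARP"
    if dest in hosts:
        # A real host owns the address: the two talk directly, and no
        # rule on the firewall is consulted.
        return False, "delivered directly to host"
    # Nobody owns the address: ARP is never answered, no packet is sent.
    return False, "ARP unanswered"


def thread_scenarios():
    """The cases discussed in the thread, evaluated with the model."""
    return {
        "random off-subnet target": delivery(VLAN20, "10.255.255.180", [FW_IF]),
        "in-subnet, unassigned": delivery(VLAN20, "172.16.1.10", [FW_IF]),
        "in-subnet, IP alias": delivery(VLAN20, "172.16.1.10", [FW_IF, "172.16.1.10"]),
        "in-subnet, real host": delivery(VLAN20, "172.16.1.10", [FW_IF], ["172.16.1.10"]),
    }
```

When checking a rule like this on a live network, an in-subnet NAT destination that leaves the client with an unresolved ARP entry means the firewall does not own the address.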
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.