Pfsense Newb - Dynamic Source Nat
-
Pfsense-Newb
So i have a big event coming up and ive decided that i might need to get a heavier piece of equipment to try and just have something with some more power. And with one of the networks im planning to have around 5000 clients or more connected. and i wanted to see if i could do a few things.One of the things ive done in the past with edge routers(ubiquiti edge) when i have large subnet is create a source nat rule with a block of address public. so that i can have a network of lets say
10.10.168.0/23 dynamically going out of range of public address 1.2.3.4 - 1.2.3.20…
I have found out house to do this by just using the virtual address and being able to switch between one network and one public but im trying to do this with a big local subnet and a block of publics.
Also since im new to this and a friend just sold me an r210 server for cheap that ive installed this on, any tips to check how the ssystem is running on cpu and ram and what not would be appreciated as well.
Thank you !!
Also another thing i noticed when i create the static route for the internet it only let me create 0.0.0.0/1… is that ok im used to creating static routes to the internet as 0.0.0.0/0… dont know what lives in that /1 but just thought id ask
-
@joshhboss said in Pfsense Newb - Dynamic Source Nat:
One of the things ive done in the past with edge routers(ubiquiti edge) when i have large subnet is create a source nat rule with a block of address public. so that i can have a network of lets say
10.10.168.0/23 dynamically going out of range of public address 1.2.3.4 - 1.2.3.20…
I have found out house to do this by just using the virtual address and being able to switch between one network and one public but im trying to do this with a big local subnet and a block of publics.You can configure this in an outbound NAT rule by selecting "Other subnet" at translation address and enter the subnet in CIDR notation you desire. Below you can additionally select different pool options for picking a translation address.
If it is not possible to state your desired translation address pool by a single subnet, you can add an network alias with the range you want. So pfSense does this for you and you can choose this alias after from the translation address drop-town.
@joshhboss said in Pfsense Newb - Dynamic Source Nat:
Also another thing i noticed when i create the static route for the internet it only let me create 0.0.0.0/1… is that ok im used to creating static routes to the internet as 0.0.0.0/0…
Use the Default gateway option in System > Routing > Gateways.
-
@viragomann I did the following but it still seems to only go out one of the address when i test to check my public ip using different sites..
Really appreciate the help!
-
@viragomann sorry let me add a bogus ip to show how my subnet looks in virtualIps.. i just changed the 2nd and 3rd octets to 0.
-
Why are you trying to do a /29 for your other subnet for tanslation. While your vips have /25 on them.. And one is listed as /32
and none are going to match up when your listing a .224 as your lowest last octet and you what looks like a .24 on your /29? Or is that a .224? Which would be the network break and not a valid address.
-
@joshhboss
Try round robin.Consider that the IPs you stated above are not a full /29 range. As I mentioned, if you cannot use a subnet use an alias.
-
@johnpoz Hi, Thank you so much for responding. I am new to this so forgive me if i miss the obvious. so the actual subnet my isp gives me is a full /25.. so when i first created the wan interface i used the 12.0.0.223 interface (actually before the original post it was 12.0.0.228). But now it is 12.0.0.223. so now i have another 124 usable or so. then i went onto virtual ips to create the next ones. 224-229. (the /32 was a mistake).
now for the translation since i wanted to practice just using a small block to dynamically change ips publicly, i thought i had to declare it as a subnet.
i appreciate any insight you could give me to help understand how to properly do this.
thank you!
-
@joshhboss said in Pfsense Newb - Dynamic Source Nat:
@johnpoz Hi, Thank you so much for responding. I am new to this so forgive me if i miss the obvious. so the actual subnet my isp gives me is a full /25.. so when i first created the wan interface i used the 12.0.0.223 interface (actually before the original post it was 12.0.0.228). But now it is 12.0.0.223. so now i have another 124 usable or so. then i went onto virtual ips to create the next ones. 224-229. (the /32 was a mistake).
now for the translation since i wanted to practice just using a small block to dynamically change ips publicly, i thought i had to declare it as a subnet.
i appreciate any insight you could give me to help understand how to properly do this.
thank you!
Well actually not it looks like making the changes in the nat rule to be 12.0.0.224/29 and using random it might be working like i want.. Do you see anything wrong with this ?
-
@viragomann This was the solution. Thank you so much!
