1:1 Nat to a subnet or vlan
-
Hello all I hope someone can help me here as what I am missing. I have 1:1 Nat settings and they work just fine on about a dozen routers. My problem is I need the ability to assign a Virtual IP to a subnet instead of just 1 IP.
a crude example would be if I had 200 public IP addresses and 200 PFsense routers it would be simple just setting each one with new IP. But I want to be able to do this using just 1 or 2 boxes. Like WAN IP 1 used as public IP for all of LAN 1, WAN IP 2 used as public IP for all of LAN 2, etc etc
-
Attached is the picture of the setting I want to work instead of putting in 1 IP I want to put the entire net.
-
@bricekrispy
NAT 1:1 does IP translation in both directions. A pulbic IP (destination in packet) is translated to an internal in incoming packets. The source IP in outgoing packets of a specific internal device is translated to a public IP. This can also be done with a whole subnet, but it's not possible to translate to multiple destination IPs due to logical reasons.Like WAN IP 1 used as public IP for all of LAN 1, WAN IP 2 used as public IP for all of LAN 2, etc etc
This is regarding only outgoing packets. This makes sense though and can be done by outbound NAT.
Simply add additional public IP as virtual IP of type IP alias (Firewall > Virtual IPs).
Then switch the outbound NAT into hybrid mode and add the rules you want, select the desired public IP at translation address. -
Sir can you please message me your paypal or something I owe you a beer. Thank you so much something so simple I knew it would be first test in lab worked perfectly.
-
