1:1 NAT with VIP



  • so i have a WAN connection with multiple public IP's - i'd like to use one of them .101 to NAT to internal host 10.84.5.99

    i added the NAT (NAT.GIF)

    added a rule to allow any from the WAN to 10.84.5.99 (RULE.GIF)

    is there anything else i'm missing here?  inbound traffic doesnt appear to be making it to the .99 box

    separately –  how can i make it so outbound traffic from 10.84.5.99 NATs to the .101 public IP and not the default for the rest of the system?






  • Your NAT and rule looks ok.  Get rid of those last two rules on WAN.  Non-floating rules are processed top-down, first-match so that block on the end will never get triggered, and you don't definitely want the Allow Any rule above it.  All your other NATs seem to work ok?  Do you know for sure that the NAT'd server accepts connections?  When in doubt, use the built-in pfSense packet capture to sniff on LAN (filtered by the .101 server) and see if traffic is getting past the firewall.  You can also sniff the WAN for rely traffic back to the external client.