1. Home
  2. pfSense® Software
  3. NAT
  4. 1:1 NAT with VIP

1:1 NAT with VIP

  • B

    so i have a WAN connection with multiple public IP's - i'd like to use one of them .101 to NAT to internal host 10.84.5.99

    i added the NAT (NAT.GIF)

    added a rule to allow any from the WAN to 10.84.5.99 (RULE.GIF)

    is there anything else i'm missing here?  inbound traffic doesnt appear to be making it to the .99 box

    separately –  how can i make it so outbound traffic from 10.84.5.99 NATs to the .101 public IP and not the default for the rest of the system?




    0
  • KOM

    Your NAT and rule looks ok.  Get rid of those last two rules on WAN.  Non-floating rules are processed top-down, first-match so that block on the end will never get triggered, and you don't definitely want the Allow Any rule above it.  All your other NATs seem to work ok?  Do you know for sure that the NAT'd server accepts connections?  When in doubt, use the built-in pfSense packet capture to sniff on LAN (filtered by the .101 server) and see if traffic is getting past the firewall.  You can also sniff the WAN for rely traffic back to the external client.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy