Netgate Discussion Forum

    1:1 NAT with VIP

      berniecnyc

      so i have a WAN connection with multiple public IPs - i'd like to use one of them .101 to NAT to internal host 10.84.5.99

      i added the NAT (NAT.GIF)

      added a rule to allow any from the WAN to 10.84.5.99 (RULE.GIF)

      is there anything else i'm missing here?  inbound traffic doesn't appear to be making it to the .99 box

      separately –  how can i make it so outbound traffic from 10.84.5.99 NATs to the .101 public IP and not the default for the rest of the system?


        KOM

        Your NAT and rule look ok.  Get rid of those last two rules on WAN.  Non-floating rules are processed top-down, first-match so that block on the end will never get triggered, and you don't definitely want the Allow Any rule above it.  All your other NATs seem to work ok?  Do you know for sure that the NAT'd server accepts connections?  When in doubt, use the built-in pfSense packet capture to sniff on LAN (filtered by the .101 server) and see if traffic is getting past the firewall.  You can also sniff the WAN for reply traffic back to the external client.

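An added example, not part of the original posts or of pfSense itself: a small first-match evaluator that illustrates the top-down rule processing described in the reply above and flags rules that can never fire. The ruleset is constructed from the reply's description (the screenshots are not on the page), the rule names are hypothetical, and only destination matching is modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str    # hypothetical label, not taken from the screenshots
    action: str  # "pass" or "block"
    dst: str     # destination in CIDR form; "0.0.0.0/0" means any

    def matches(self, dst_ip):
        return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)

def evaluate(rules, dst_ip):
    """First matching rule wins, top-down; WAN traffic with no match is denied."""
    for rule in rules:
        if rule.matches(dst_ip):
            return rule.action, rule.name
    return "block", "default deny"

def shadowed(rules):
    """Names of rules fully covered by an earlier rule, so they never trigger."""
    names = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.dst)
        if any(net.subnet_of(ipaddress.ip_network(p.dst)) for p in rules[:i]):
            names.append(rule.name)
    return names

# Constructed WAN ruleset: the rule for the 1:1 NAT host, followed by the
# "allow any" and trailing "block" rules the reply says to remove.
WAN_RULES = [
    Rule("pass to NAT host", "pass", "10.84.5.99/32"),
    Rule("allow any", "pass", "0.0.0.0/0"),
    Rule("block all", "block", "0.0.0.0/0"),
]
# Same ruleset after removing the last two rules.
TRIMMED = WAN_RULES[:1]

if __name__ == "__main__":
    for label, rules in (("original", WAN_RULES), ("trimmed", TRIMMED)):
        print(label, "shadowed rules:", shadowed(rules))
        for ip in ("10.84.5.99", "10.84.5.10"):  # NAT host, another internal host
            print("  ", ip, "->", evaluate(rules, ip))
```

With the original ordering the trailing block rule is reported as shadowed and traffic to any other internal host is passed by the allow-any rule; with the trimmed ruleset only the NAT host is reachable.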
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.