4. 1:1 NAT with VIP

1:1 NAT with VIP

  • B

    so i have a WAN connection with multiple public IP's - i'd like to use one of them .101 to NAT to internal host 10.84.5.99

    i added the NAT (NAT.GIF)

    added a rule to allow any from the WAN to 10.84.5.99 (RULE.GIF)

    is there anything else i'm missing here?  inbound traffic doesnt appear to be making it to the .99 box

    separately –  how can i make it so outbound traffic from 10.84.5.99 NATs to the .101 public IP and not the default for the rest of the system?




    0

  • Your NAT and rule looks ok.  Get rid of those last two rules on WAN.  Non-floating rules are processed top-down, first-match so that block on the end will never get triggered, and you don't definitely want the Allow Any rule above it.  All your other NATs seem to work ok?  Do you know for sure that the NAT'd server accepts connections?  When in doubt, use the built-in pfSense packet capture to sniff on LAN (filtered by the .101 server) and see if traffic is getting past the firewall.  You can also sniff the WAN for rely traffic back to the external client.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy