Netgate Discussion Forum

VIP using 1:1 NAT to pass all traffic to a specific internal host.

    fataldarkness
    last edited by Apr 11, 2017, 3:20 PM

    Good morning (or afternoon) all,

    Internally we have two networks, a LAN and a DMZ. In the DMZ is an Exchange Edge Transport server and a Skype for Business Edge role server. Our "ISP" (A university 10. network has graciously given us two /16 subnets to work with) has a single connection coming to our pfSense box. We would like the Exchange and Skype servers to have their own external IP with full access to the outside network. For our WAN link we are using 10.162.13.160, for the servers I have created two virtual IPs 10.162.13.161 which should pass all incoming traffic to the Skype server (172.30.0.150) and 10.162.13.162 which should pass all incoming traffic to the Exchange server (172.30.0.12). Our end goal is to allow a client directly on the ISP network to have access to the Exchange and Skype servers.

    I believe this is accomplished with 1:1 NAT and Outbound NAT but I was wondering what these would look like, I am new to pfSense so I am still learning what everything does in context with each other. Any input/suggestions/help is greatly appreciated. Here is an image showing our setup.

      viragomann
      last edited by Apr 19, 2017, 12:10 PM

      Yes, you can do this with 1:1 NAT.

      However, consider that a 1:1 NAT rule on its own does not permit access. To allow incoming traffic you have to add appropriate firewall rules to the WAN interface. To allow outgoing traffic from the servers you have to add firewall rules to the DMZ interfaces.

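
An added sketch of the point made in the reply above (not part of the thread and not a ruleset generated by pfSense): in plain pf.conf syntax, the `binat` lines only translate addresses, and separate filter rules decide what is passed. The interface names and the two inbound ports are assumptions; the addresses are the ones given in the first post.

```pf
# Added example in plain pf.conf syntax; not exported from pfSense.
wan_if = "em0"    # assumed WAN interface name
dmz_if = "em1"    # assumed DMZ interface name

skype_int = "172.30.0.150"
skype_ext = "10.162.13.161"
exch_int  = "172.30.0.12"
exch_ext  = "10.162.13.162"

# 1:1 NAT: bidirectional address mapping only.
# These lines translate packets; they do not pass any traffic.
binat on $wan_if from $skype_int to any -> $skype_ext
binat on $wan_if from $exch_int  to any -> $exch_ext

# This sketch filters on ingress: default deny inbound on every interface,
# and let packets that were already accepted on ingress leave.
block in log all
pass out all

# Inbound on WAN. Translation is applied before filtering, so the
# destination in a filter rule is the internal address, not the virtual IP.
# Ports are illustrative assumptions (SMTP for Exchange, HTTPS for Skype).
pass in on $wan_if proto tcp from any to $exch_int  port 25
pass in on $wan_if proto tcp from any to $skype_int port 443

# Outbound from the servers: the packets arrive on the DMZ interface,
# so the rule that permits them belongs there.
pass in on $dmz_if from { $skype_int, $exch_int } to any
```

With only the two `binat` lines and the default deny, the translation is in place but every inbound connection is dropped and logged, which is the symptom the replies in this thread attribute to missing firewall rules.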
        nelioromao
        last edited by Apr 19, 2017, 6:36 PM Apr 19, 2017, 6:33 PM

        I think NAT is not the best option for a VOIP server. NAT can have some bad influence on VOIP packets and be hard to debug.

        In my opinion, just bridge the WAN port with the port that your VOIP server is on.
        And then you can use the static IP from your ISP directly on your VOIP server.

        Some sample info about NAT and VOIP:

        https://www.voip-info.org/wiki/view/NAT+and+VOIP
        http://kb.smartvox.co.uk/voip-sip/sip-nat-problem/

          isolatedvirus
          last edited by Apr 19, 2017, 6:51 PM

          @nelioromao:

          I think NAT is not the best option for a VOIP server. NAT can have some bad influence on VOIP packets and be hard to debug.

          In my opinion, just bridge the WAN port with the port that your VOIP server is on.
          And then you can use the static IP from your ISP directly on your VOIP server.

          Some sample info about NAT and VOIP:

          https://www.voip-info.org/wiki/view/NAT+and+VOIP
          http://kb.smartvox.co.uk/voip-sip/sip-nat-problem/

          He's setting up 1:1 NATting, which shouldn't affect VOIP in this scenario. The culprit in this situation would be firewall rules blocking the incoming VOIP sessions.
