VIP using 1:1 NAT to pass all traffic to a specific internal host.
-
Good morning (or afternoon) all,
Internally we have two networks, a LAN and a DMZ. In the DMZ are an Exchange Edge Transport server and a Skype for Business Edge role server. Our "ISP" (A university 10. network has graciously given us two /16 subnets to work with) has a single connection coming to our pfSense box. We would like the Exchange and Skype servers to have their own external IP with full access to the outside network. For our WAN link we are using 10.162.13.160; for the servers I have created two virtual IPs: 10.162.13.161, which should pass all incoming traffic to the Skype server (172.30.0.150), and 10.162.13.162, which should pass all incoming traffic to the Exchange server (172.30.0.12). Our end goal is to allow a client directly on the ISP network to have access to the Exchange and Skype servers.
I believe this is accomplished with 1:1 NAT and Outbound NAT, but I was wondering what these would look like. I am new to pfSense, so I am still learning what everything does in context with each other. Any input/suggestions/help is greatly appreciated. Here is an image showing our setup.
-
Yes, you can do this with 1:1 NAT.
However, consider that a 1:1 NAT rule on its own does not permit access. To allow incoming traffic you have to add appropriate firewall rules to the WAN interface. To allow outgoing traffic from the servers you have to add firewall rules to the DMZ interfaces.
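
Added example (not part of the original posts and not pfSense code): a small Python model of the point made in the reply above, that a 1:1 NAT mapping only translates addresses and every flow still needs a pass rule. It assumes pfSense's order of operations for inbound traffic (NAT first, then the WAN rules, so those rules must name the internal address); the rule model, the function names and the client address are constructed for illustration.

```python
# Simplified model of 1:1 NAT combined with per-interface firewall rules.
# Addresses are the ones from the thread; the rule model and function names
# are illustrative assumptions, not pfSense internals.
from ipaddress import ip_address, ip_network

# 1:1 NAT: external virtual IP <-> internal DMZ host
ONE_TO_ONE = {
    "10.162.13.161": "172.30.0.150",  # Skype for Business Edge
    "10.162.13.162": "172.30.0.12",   # Exchange Edge Transport
}
TO_EXTERNAL = {inside: outside for outside, inside in ONE_TO_ONE.items()}


def rule_allows(rules, src, dst):
    """First matching pass rule wins; no match means default deny."""
    for src_net, dst_net in rules:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return True
    return False


def inbound(wan_rules, src, dst):
    """Packet arriving on WAN: destination is translated first, then filtered.
    Returns the internal address it is delivered to, or None if blocked."""
    translated = ONE_TO_ONE.get(dst, dst)
    return translated if rule_allows(wan_rules, src, translated) else None


def outbound(dmz_rules, src, dst):
    """Packet from a DMZ server: filtered on the DMZ interface, then the
    source is rewritten to the mapped external IP when it leaves via WAN.
    Returns the source address seen outside, or None if blocked."""
    if not rule_allows(dmz_rules, src, dst):
        return None
    return TO_EXTERNAL.get(src, src)


if __name__ == "__main__":
    client = "10.162.50.20"  # constructed client on the ISP network
    any_net = "0.0.0.0/0"
    print(inbound([], client, "10.162.13.161"))                              # None
    print(inbound([(any_net, "10.162.13.161/32")], client, "10.162.13.161"))  # None
    print(inbound([(any_net, "172.30.0.150/32")], client, "10.162.13.161"))   # 172.30.0.150
    print(outbound([("172.30.0.12/32", any_net)], "172.30.0.12", client))     # 10.162.13.162
```

Because the upstream network in this thread is inside 10.0.0.0/8, the WAN interface's "Block private networks" option would also drop these clients if it is enabled.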
-
I think NAT is not the best option for a VOIP server. NAT can have some bad influence on VOIP packets and is hard to debug.
In my opinion, just bridge the WAN port with the port that your VOIP server is on.
And then you can use the static IP from your ISP directly on your VOIP server.
Some sample info about NAT and VOIP:
https://www.voip-info.org/wiki/view/NAT+and+VOIP
http://kb.smartvox.co.uk/voip-sip/sip-nat-problem/
-
@5E:
I think NAT is not the best option for a VOIP server. NAT can have some bad influence on VOIP packets and is hard to debug.
In my opinion, just bridge the WAN port with the port that your VOIP server is on.
And then you can use the static IP from your ISP directly on your VOIP server.
Some sample info about NAT and VOIP:
https://www.voip-info.org/wiki/view/NAT+and+VOIP
http://kb.smartvox.co.uk/voip-sip/sip-nat-problem/

He's setting up 1:1 natting, which shouldn't affect VOIP in this scenario. The culprit in this situation would be firewall rules blocking the incoming VOIP sessions.