Access local servers using the public NAT 1:1 address behind LAN

  • Good day. Firstly as with many other people I would like to say “I am clueless”, so apologies for stupid questions and setup!

We want to use pfSense primarily for NAT purposes, and route external traffic to specific internal server IPs.
    As background, our servers currently have dedicated IPs but over 3 subnets! We can't do anything about this...
    We have installed 2.3.3 amd64 on a VM with two NICs assigned to the Virtual Switch Manager in Hyper-V.

    1. So we want to give all the servers in the DC the same subnet, i.e. 10.0.0.x
    2. We then want to route the external traffic to the correct internal IP, so NAT 1:1. (So 129.198.200 to
    3. We also need the internal server to transmit the external IP not the but the
4. Lastly we need the servers on the LAN to see each other using both the 10.0.0.x and the external IPs.

Externally I have 3 subnets: 129.232.198 / 129.232.157 / 129.232.200
    We allowed all traffic on IPv4 and IPv6 inbound and outbound in the pfSense firewall rules.

    1. So I have managed to do 1 by adding additional IP’s to the servers i.e.
2. Also managed no. 2 by routing the external traffic requested to to using 1:1 NAT. Made the gateway of the servers the firewall. And externally I can now open a website on the correct server.
    3. No. 3 just seems to work: when I asked Google for my current IP on that server it said So good, right?
    4. BUT I cannot get to see or and vice versa. The requests for say web or ping all just open the firewall.

    We would like the servers on LAN to see each other using the IP or FQDN or DNS names if possible!!

    So after reading it sounds like I need a VLAN and perhaps DNS…
    Attached is a bit of a network diagram to visualize the detail above..
    Please can someone give me some pointers/help, especially on point 4?

  • Sorry guys any help would be great please?
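The symptom in point 4 (a LAN client connecting to a server's public address lands on the firewall itself) is the classic hairpin problem: a 1:1 mapping bound to the WAN interface is never consulted for traffic that enters on LAN. The fragment below is an added example, not from the poster or from pfSense, written in the classic pf.conf syntax that the pf in pfSense 2.3 uses; the interface names and every address in it are placeholders, since the post's real addresses are not shown.

```pf
# Added example (not from the original post): 1:1 NAT plus LAN-side hairpin
# ("NAT reflection") in classic pf.conf syntax. All names/addresses assumed.
ext_if  = "hn0"            # WAN interface name (assumed)
int_if  = "hn1"            # LAN interface name (assumed)
lan_net = "10.0.0.0/24"
srv_int = "10.0.0.10"      # internal address of one server (placeholder)
srv_ext = "192.0.2.10"     # its public address (documentation range; placeholder)

# 1:1 mapping on the WAN side: inbound to srv_ext is rewritten to srv_int,
# and outbound from srv_int leaves with srv_ext as its source (points 2 and 3).
binat on $ext_if from $srv_int to any -> $srv_ext

# Without the next two rules a LAN host connecting to srv_ext hits the
# firewall itself (point 4), because the binat above is bound to WAN only.
# rdr on the LAN interface rewrites the destination back to the internal address...
rdr on $int_if proto { tcp udp icmp } from $lan_net to $srv_ext -> $srv_int
# ...and nat rewrites the source so the server's reply comes back through the
# firewall (where pf can undo both rewrites) instead of going straight to the
# client with a source address the client never spoke to.
nat on $int_if proto { tcp udp icmp } from $lan_net to $srv_int -> ($int_if)
```

Two practical notes. First, a 1:1 mapping forwards every port of the public address to the internal host, so with the "allow all" rules mentioned above every service on that server is reachable from the Internet; the filter rules, not the NAT, are what should limit that to the intended ports. Second, hairpinning sends LAN-to-LAN traffic through the firewall twice; if the servers only need to reach each other by name, split DNS (answering the public FQDN with the 10.0.0.x address for LAN clients) avoids the reflection rules altogether and is the approach usually preferred for the FQDN requirement in the post.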