Netgate Discussion Forum

    Access local servers using the public NAT 1:1 address behind LAN

    General pfSense Questions
      mvanniek

      Good day. Firstly, as with many other people, I would like to say “I am clueless”, so apologies for stupid questions and setup!

      We want to use pfSense primarily for NAT purposes, and route external traffic to specific internal server IPs.
      As background, our servers currently have dedicated IPs but over 3 subnets! We can’t do anything about this….
      We have installed the 2.3.3 amd64 on a VM with two NICs assigned to the Virtual Switch Manager in Hyper-V.

      1. So we want to give all the servers in the DC the same subnet, i.e. 10.0.0.x
      2. We then want to route the external traffic to the correct internal IP, so NAT 1:1. (So 129.198.200 to 10.0.0.100)
      3. We also need the internal server to transmit the external IP not the 10.0.0.100 but the 129.232.198.200.
      4. Lastly we need the servers on the LAN to see each other using both the 10.0.0.x and the external IPs.

      Externally I have 3 subnets: 129.232.198 / 129.232.157 / 129.232.200
      We allowed all traffic on IP4 and IP6 in and outbound on PFSENSE firewall rules.

      1. So I have managed to do 1 by adding additional IPs to the servers i.e. 10.0.0.100.
      2. Also managed no 2 by routing the external traffic requested to 129.232.198.200 to 10.0.0.100 using 1:1 NAT. Made the gateway of the servers the firewall. And externally I can now open a website on the correct server.
      3. 3 Just seems to work when I asked GOOGLE for my current IP on that server it said 129.232.198.200. So good right?
      4. BUT I cannot get 129.232.198.200 to see 129.232.157.170 or 129.232.200.200 and vice versa. The requests for say web or ping all just open the firewall.

      We would like the servers on LAN to see each other using the IP or FQDN or DNS names if possible!!

      So after reading it sounds like I need a VLAN and perhaps DNS…
      Attached is a bit of a network diagram to visualize the detail above..
      Please can someone give me some pointers/help, especially on point 4?

      pfsense-1.jpg

        mvanniek

        Sorry guys any help would be great please?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.