    NAT part of subnet

    • A
      Ajj81 last edited by

      Hi,

      is there a way to get the NAT function to only use part of a specified subnet?
      I only want to use 3 addresses in my external range, but it seems to be using the whole range.  I must be doing something wrong as I cannot see how to only specify these 3 addresses.

      thanks

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Huh? So pfSense has a WAN IP that is in your range.. let's call it 1.2.3.0/29

        So your gateway is 1.2.3.1 and pfSense is, let's assume, 1.2.3.2

        This range is a public range, right?? Not some RFC 1918 address behind another NAT..

        Out of the box pfSense would not have a clue about the .3 - .6 you could use that is part of your /29

        To use .3 to .6 you would have to create VIPs on the pfSense WAN interface - did you do that? Then what did you do with your outbound natting.. Since out of the box pfSense would only use its 1.2.3.2 address that was on its WAN interface to outbound NAT in automatic mode, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

        • Derelict
          Derelict LAYER 8 Netgate last edited by

          Everything you seek is here, in Host Alias under translation in Firewall > NAT, Outbound

          ![Screen Shot 2017-08-29 at 11.42.29 AM.png](/public/imported_attachments/1/Screen Shot 2017-08-29 at 11.42.29 AM.png)

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            but that is still a VIP he had to have added.

            • Derelict
              Derelict LAYER 8 Netgate last edited by

              Yes. That is listed there in the text.

              • A
                Ajj81 last edited by

                thanks for the responses so far.

                Just to clarify ~ it is a public IP range. I've been given some of our corporate addresses (non-contiguous) for use in testing a new setup.
                So for ease let's say 1.1.1.1, 1.1.1.3 & 1.1.1.5

                1.1.1.1 is assigned to the pfSense WAN port ~ but can still be used in "the pool".
                Ideally we would like to use the "random" NAT pool option instead of round robin.  Looking at the setup above, the host alias can only use round robin (if it has to be that way then fine - but my boss wants it random  ???)

                does that sound possible?

                thanks

                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  Round robin in that case.

                  Tell him that is fine. It will appear random. Stop overthinking and micro-managing.
