4. Back to back 1:1 NAT

Back to back 1:1 NAT

  • E

    I am having problems with 1:1 NAT.  We have two pfSense routers in a layout as below:

    OPT1 –----------> Internet 12.X
    Server    --> LAN --> pfSense1 <                                                                      OPT1------------> Internet 69.X
                                                  WAN -------> Link -------->  LAN --> pfSense0 <
                                                                                                                        WAN ------------> Internet 207.X

    The pfSense1 box was just installed today and has a 1:1 NAT configured from the Link side network to the Server, pfSense0 has been in place for some time and has a 1:1 NAT configured that was previously pointing just to the server, but now points to the pfSense1 box. If I setup a port forward on pfSense1 and point pfSense0's 1:1 to that port forward, I can reach the server.  If I point the 1:1 on pfSense0 to the 1:1 on pfSense1 and try from the outside world, it will not work.  If I try from in the middle of the link between pfSense0 and pfSense1 with the 1:1's both enabled, I can get to the server behind pfSense0 through the 1:1.

    Is it not possible to have back to back 1:1 NAT rules?  pfSense0 and pfSense1 are at different locations linked by a fiber link.  We recently added the DSL connection at the second location for a redundancy but that internet connections at the pfSense0 site are far faster so we want to take advantage of them.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy