Back to back 1:1 NAT
I am having problems with 1:1 NAT. We have two pfSense routers in a layout as below:
                              OPT1 ------------> Internet 12.X
Server --> LAN --> pfSense1 <                                                OPT1 ------------> Internet 69.X
                              WAN -------> Link --------> LAN --> pfSense0 <
                                                                             WAN ------------> Internet 207.X

The pfSense1 box was just installed today and has a 1:1 NAT configured from the Link side network to the Server. pfSense0 has been in place for some time and has a 1:1 NAT configured that was previously pointing just to the server, but now points to the pfSense1 box. If I set up a port forward on pfSense1 and point pfSense0's 1:1 to that port forward, I can reach the server. If I point the 1:1 on pfSense0 to the 1:1 on pfSense1 and try from the outside world, it will not work. If I try from in the middle of the link between pfSense0 and pfSense1 with the 1:1s both enabled, I can get to the server behind pfSense0 through the 1:1.
Is it not possible to have back to back 1:1 NAT rules? pfSense0 and pfSense1 are at different locations linked by a fiber link. We recently added the DSL connection at the second location for redundancy, but the internet connections at the pfSense0 site are far faster, so we want to take advantage of them.