NAT and VIPs



  • Hi there,

    I'm stuck with a situation I can't solve.  >:(

    I've an ALIX box with 3 interfaces, and the supposed configuration should be:

    On the WAN I've a Cisco router (8 IP subnet from the ISP)

    On the LAN I've the local network

    On the DMZ port I would like to publish a website on the only host present (local address 192.168.10.10).

    I've tried to follow different posts about configuring VIPs and 1:1 NAT for the DMZ, without success.

    At the moment the WAN interface uses one of the public IPs (x.x.x.194) and the NAT (port forwarding style) works OK for the LAN.

    I can't set up the DMZ.

    I've tried the following which seems the most correct:

    1. Set a local IP on the DMZ interface eg. 192.168.10.1/24, no specified gw (there is only one).
    2. Set a virtual IP on the WAN interface x.x.x.195 other
    3. Set NAT 1:1 on WAN interface with single IP x.x.x.195/32 on external and 192.168.10.10 on internal.
    4. Set AONAT with a rule on WAN interface source 192.168.10.0/24 any destination, translation to x.x.x.195

    At this point the GUI tells me that there is an overlap of the ip address with the 1:1 NAT

    Why? Am I doing something wrong?

    Regards. Giulio



  • 1:1 NAT automatically creates an outbound NAT rule for the host you're 1:1 NATing.



  • Got it.

    But I don't understand why the host shows the main IP address of the WAN interface anyway.

    So I should leave Automatic Outbound NAT rule generation checked instead of manual?

    Regards. G.



  • Yes.

    But you "could" write your rules yourself.
    In this case you cannot use 1:1 NAT.
    These posts might interest you:
    http://forum.pfsense.org/index.php/topic,13494.msg72294.html#msg72294
    http://forum.pfsense.org/index.php/topic,13494.msg72552.html#msg72552
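
The overlap discussed in this thread, as an added example that is not part of any post and is not pfSense's own validation code: a small check that flags manual outbound NAT rules which collide with a 1:1 NAT entry on the same interface. The 203.0.113.x addresses are constructed stand-ins for the poster's x.x.x.194/x.x.x.195, and the LAN subnet 192.168.1.0/24 is an assumption.

```python
import ipaddress
from typing import NamedTuple

class OneToOne(NamedTuple):
    iface: str
    external: str   # public address of the 1:1 mapping
    internal: str   # private host behind it

class OutboundRule(NamedTuple):
    iface: str
    source: str       # source network in CIDR form
    translation: str  # address the source is rewritten to

def find_overlaps(mappings, rules):
    """Return (rule, mapping, same_external, covers_host) for each collision.

    A 1:1 mapping already translates the internal host's outbound traffic,
    so a manual rule that reuses its external address, or whose source
    network contains the mapped host, duplicates it.
    """
    findings = []
    for rule in rules:
        src_net = ipaddress.ip_network(rule.source, strict=False)
        nat_ip = ipaddress.ip_address(rule.translation)
        for m in mappings:
            if m.iface != rule.iface:
                continue
            same_external = nat_ip == ipaddress.ip_address(m.external)
            covers_host = ipaddress.ip_address(m.internal) in src_net
            if same_external or covers_host:
                findings.append((rule, m, same_external, covers_host))
    return findings

# Constructed sample modelled on steps 3 and 4 of the first post.
MAPPINGS = [OneToOne("wan", "203.0.113.195", "192.168.10.10")]
RULES = [
    OutboundRule("wan", "192.168.10.0/24", "203.0.113.195"),  # step 4 rule
    OutboundRule("wan", "192.168.1.0/24", "203.0.113.194"),   # assumed LAN rule
]

if __name__ == "__main__":
    for rule, m, same_ext, covers in find_overlaps(MAPPINGS, RULES):
        print(f"{rule.source} -> {rule.translation} overlaps 1:1 "
              f"{m.external} <-> {m.internal} "
              f"(same external: {same_ext}, covers host: {covers})")
```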

