Netgate Discussion Forum

    NAT and VIPs

      iw3hvb

      Hi there,

      I'm stuck with a situation I can't solve.  >:(

      I've an ALIX box with 3 interfaces, and the supposed configuration should be:

      On the WAN I've a Cisco router (8 IP subnet from the ISP)

      On the LAN I've the local network

      On the DMZ port I would like to publish a website on the only host present (local address 192.168.10.10).

      I've tried to follow different posts about configuring VIPs and 1:1 NAT for the DMZ, without success.

      At the moment the WAN interface uses one of the public IPs (x.x.x.194) and the NAT (port forwarding style) works OK for the LAN.

      I can't set up the DMZ.

      I've tried the following, which seems the most correct:

      1. Set a local IP on the DMZ interface, e.g. 192.168.10.1/24, no specified gw (there is only one).
      2. Set a virtual IP on the WAN interface x.x.x.195 other
      3. Set NAT 1:1 on WAN interface with single IP x.x.x.195/32 on external and 192.168.10.10 on internal.
      4. Set AONAT with a rule on WAN interface source 192.168.10.0/24 any destination, translation to x.x.x.195

      At this point the GUI tells me that there is an overlap of the IP address with the 1:1 NAT

      Why? Am I doing something wrong?

      Regards. Giulio

        GruensFroeschli

        1:1 NAT automatically creates an outbound NAT rule for the host you're 1:1 NATing.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          iw3hvb

          Got it.

          But I don't understand why the host shows the main IP address of the WAN interface anyway.

          So I should leave Automatic Outbound NAT rule generation checked instead of manual?

          Regards. G.

            GruensFroeschli

            Yes.

            But you "could" write your rules yourself.
            In this case you cannot use 1:1 NAT.
            These posts might interest you:
            http://forum.pfsense.org/index.php/topic,13494.msg72294.html#msg72294
            http://forum.pfsense.org/index.php/topic,13494.msg72552.html#msg72552

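The point made in the replies, written out as plain pf rules. This is an added illustration, not part of the original thread and not rules copied from a pfSense box: it assumes pfSense's 1:1 NAT entry corresponds to a pf `binat` rule, and the interface name and the 203.0.113.x addresses are constructed placeholders for the elided x.x.x.194 and x.x.x.195.

```pf
# Constructed example in pf.conf syntax (placeholders, see lead-in).
wan_if   = "vr1"              # hypothetical WAN interface name
wan_ip   = "203.0.113.194"    # stands in for x.x.x.194 (WAN address)
vip      = "203.0.113.195"    # stands in for x.x.x.195 (virtual IP)
dmz_net  = "192.168.10.0/24"  # DMZ subnet from the thread
dmz_host = "192.168.10.10"    # web server from the thread

# Step 3 of the question, the 1:1 NAT entry.
# binat is bidirectional: inbound traffic to $vip is rewritten to
# $dmz_host, and outbound traffic from $dmz_host leaves as $vip.
binat on $wan_if from $dmz_host to any -> $vip

# Step 4 of the question, the manual outbound rule. It translates the
# whole DMZ subnet, including $dmz_host, to the same $vip that the
# binat rule already owns, which is the overlap the GUI reports.
# nat on $wan_if from $dmz_net to any -> $vip

# With 1:1 NAT in place, the rest of the DMZ only needs ordinary
# outbound NAT to the WAN address; the 1:1 host is already covered.
nat on $wan_if from $dmz_net to any -> $wan_ip
```

On the firewall, `pfctl -s nat` lists the translation rules that are actually loaded, which shows whether the DMZ host is covered by a `binat` rule or only by a `nat` rule to the WAN address.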
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.