NAT and VIPs
-
Hi there,
I'm stuck with a situation I can't solve. >:(
I've an ALIX box with 3 interfaces, and the supposed configuration should be:
On the WAN I've a Cisco router (8 IP subnet from the ISP)
On the LAN I've the local network
On the DMZ port I would like to publish a website on the only host present (local address 192.168.10.10).
I've tried to follow different posts about configuring VIPs and 1:1 NAT for the DMZ, without success.
At the moment the WAN interface uses one of the public IPs (x.x.x.194) and the NAT (port forwarding style) works ok for the LAN.
I can't set up the DMZ.
I've tried the following, which seems the most correct:
- Set a local IP on the DMZ interface, e.g. 192.168.10.1/24, no specified gw (there is only one).
- Set a virtual IP on the WAN interface x.x.x.195 other
- Set NAT 1:1 on WAN interface with single IP x.x.x.195/32 on external and 192.168.10.10 on internal.
- Set AONAT with a rule on WAN interface source 192.168.10.0/24 any destination, translation to x.x.x.195
At this point the GUI tells me that there is an overlap of the IP address with the 1:1 NAT.
Why? Am I doing something wrong?
Regards. Giulio
-
1:1 NAT automatically creates an outbound NAT rule for the host you're 1:1 NATing.
-
Got it.
But I don't understand why the host shows the main IP address of the WAN interface anyway.
So I should leave Automatic Outbound NAT rule generation checked instead of manual?
Regards. G.
-
Yes.
But you "could" write your rules yourself.
In this case you cannot use 1:1 NAT.
These posts might interest you:
http://forum.pfsense.org/index.php/topic,13494.msg72294.html#msg72294
http://forum.pfsense.org/index.php/topic,13494.msg72552.html#msg72552
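
A minimal model of the overlap discussed in this thread, as an added example that is not part of the original posts and not pfSense's own code: it assumes the GUI warning fires when a manual outbound rule's source network contains the internal address of a 1:1 mapping on the same interface. The 203.0.113.x addresses stand in for the elided x.x.x.194 and x.x.x.195; the LAN subnet 192.168.1.0/24 and the dictionary field names are assumptions.

```python
import ipaddress

# Constructed sample data: 203.0.113.x replaces the poster's elided public
# subnet; the LAN subnet and all field names are assumptions for illustration.
ONE_TO_ONE = [
    {"iface": "wan", "external": "203.0.113.195/32", "internal": "192.168.10.10/32"},
]
MANUAL_OUTBOUND = [
    {"iface": "wan", "source": "192.168.1.0/24", "target": "203.0.113.194"},
    {"iface": "wan", "source": "192.168.10.0/24", "target": "203.0.113.195"},
]


def find_overlaps(one_to_one, outbound):
    """Return (outbound_rule, mapping) pairs on the same interface where the
    rule's source network overlaps the internal side of a 1:1 mapping."""
    hits = []
    for rule in outbound:
        src = ipaddress.ip_network(rule["source"], strict=False)
        for mapping in one_to_one:
            internal = ipaddress.ip_network(mapping["internal"], strict=False)
            if rule["iface"] == mapping["iface"] and src.overlaps(internal):
                hits.append((rule, mapping))
    return hits


def implied_outbound(one_to_one):
    """Outbound translations the 1:1 mappings already provide by themselves,
    which is why a second manual rule for the same host is redundant."""
    return [
        {"iface": m["iface"], "source": m["internal"], "target": m["external"]}
        for m in one_to_one
    ]


if __name__ == "__main__":
    for rule, mapping in find_overlaps(ONE_TO_ONE, MANUAL_OUTBOUND):
        print(f"overlap: outbound {rule['source']} -> {rule['target']} "
              f"covers 1:1 host {mapping['internal']}")
    for r in implied_outbound(ONE_TO_ONE):
        print(f"implied by 1:1: {r['source']} -> {r['target']}")
```

Removing the manual 192.168.10.0/24 rule, or dropping the 1:1 mapping and keeping only hand-written rules, both leave `find_overlaps` with nothing to report.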