NAT to DMZ
I have set up a Pfsense firewall with LAN, WAN and DMZ. I have 10 usable IP address. I am going to use 3 out of that for pfsense HA set up. I want the rest of the usable static IP address to be NATed to the DMZ servers. Is it possible or will I be forced to use only WAN IP in DMZ?
![pfsense layout.png](/public/imported_attachments/1/pfsense layout.png)
![pfsense layout.png_thumb](/public/imported_attachments/1/pfsense layout.png_thumb)
Sure. Make IP Alias VIPs on WAN (like you will make the CARP VIP for HA) and you can use them all for 1:1 NAT and port forwards as you like.
You configure what address the hosts masquerade as for outbound connection in Outbound NAT.
Hi, I have done it but before doing NAT, I want to do a one way traffic from LAN to DMZ, In a way that LAN can ping and work on DMZ servers but all the packets from DMZ should be blocked towards LAN. Can you please help me with the rule set?
Reject any source DMZ net dest LAN net
Pass any source LAN net dest DMZ net
Thank you very much. let me try that