1:1 NAT and outbound NATs on same box



  • Hello,

    I'll try to condense this as much as possible, but can expand on details if needed.  I am running pfSense 1.2.2 on a box that has 3 NICs.  LAN is connected to a private network.  This private network consists of roughly 12 class C private IP ranges.

    WAN is connected to our ISP via a router using IP addresses given to us by that ISP (a /25).  OPT1 is also considered a WAN connection, and is connected to that same router but uses a different subnet/gateway (a /20).

    My intention with all this is to 1:1 NAT several /24s from the /20 directly to the 192.168.x.x networks, and have 10.1.1.0/16 (and other similar networks not shown) NAT through a single IP from the /25 using Outbound NAT.

    This is a simple drawing of the way it's plugged in now:

    10.1.1.0/16   192.168.0.0/24   192.168.1.0/24
         |               |               |
         +---------------+---------------+
                         |
                        LAN
                      PFSENSE
                     /       \
                  WAN         OPT1
                   |           |
              X.X.X.0/25   X.X.240.0/20
                   |           |
                   +----HUB----+
                         |
                     ISP ROUTER

    If I set NATs on the OPT1 interface using firewall rules (changing the gateway) and using outbound NAT, I can get the 192.168.0.0 network to NAT through one of the x.x.240.0 addresses, but I can't get the 1:1 NAT of one /24 to another to work.  Is it possible to use 1:1 NAT and outbound NAT at the same time for different subnets, or is it all or nothing?

    I should also mention that I have created the Virtual IPs for each of the ranges I am trying to NAT (/24s).
    Thanks in advance for any help.



  • Do you really need OPT1 connected to the same ISP?
    Maybe you'll find something if you use a 'Virtual IP' instead of an additional NIC.

    IMHO that's the better way…



  • Thanks for the reply.

    I believe that I need both interfaces, as the gateway for each IP range is different.  I'm unsure of how a virtual IP would work when I need those IP's routed to a different subnet, even if it's on the same interface.

    I got the 1:1 NATs working last night by playing with the firewall rules a little more.  I now have a setup where I have some 1:1 NATs and also have Advanced Outbound NAT set up.
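As an added illustration of why the two can coexist (this is not the poster's configuration and not the ruleset pfSense generates), here is the same design expressed in pf.conf syntax for the pf version behind pfSense 1.2.x: a binat rule gives one internal /24 a 1:1 mapping onto a same-sized /24 from the OPT1 block, a nat rule sends the /16 and the remaining /24 out through a single address from the WAN /25, and route-to on the LAN pass rules is the "changing the gateway in the firewall rules" step, since binat on OPT1 only applies to packets that actually leave through OPT1. Interface names, gateway addresses, the 10.1.0.0/16 spelling of the poster's /16, the single exposed host, and the RFC 5737 documentation prefixes standing in for the X.X ranges are all assumptions.

```pf
# Added example, not from the thread or pfSense itself. Every name and
# address below is a placeholder chosen for illustration.
lan_if  = "em0"
wan_if  = "em1"
opt1_if = "em2"

# The WAN /25 and the OPT1 /20 each have their own upstream gateway.
wan_gw  = "198.51.100.1"
opt1_gw = "203.0.113.1"

# Private side: the poster's /16 and two of the 192.168 /24s.
big_net = "10.1.0.0/16"
net_a   = "192.168.0.0/24"
net_b   = "192.168.1.0/24"

# Public side: one address from the WAN /25 for outbound NAT, and one /24
# taken from the OPT1 /20 for the 1:1 mapping (same prefix length as net_a).
wan_nat_ip = "198.51.100.10"
pub_a      = "203.0.113.0/24"

# --- Translation rules (this pf version evaluates them before filter rules) ---

# 1:1 NAT: a bidirectional mapping of one netblock onto another of equal size.
# Additional /24 pairs are further binat lines of the same shape.
binat on $opt1_if from $net_a to any -> $pub_a

# Outbound (many-to-one) NAT: the /16 and the other /24 share a single WAN IP.
# binat on OPT1 and nat on WAN are on different interfaces, so they never
# compete for the same packet; which one fires depends on the egress interface.
nat on $wan_if from { $big_net, $net_b } to any -> $wan_nat_ip

# --- Filter rules ---
block log all

# Policy routing: net_a must leave via OPT1 or the binat above never applies.
pass in quick on $lan_if route-to ($opt1_if $opt1_gw) from $net_a to any keep state

# The outbound-NAT subnets leave via the WAN gateway.
pass in quick on $lan_if route-to ($wan_if $wan_gw) from { $big_net, $net_b } to any keep state

# Inbound to the 1:1 range arrives on OPT1 with the public destination already
# rewritten to 192.168.0.x by binat. Only explicitly listed services are
# reachable (here one web host); reply-to keeps the answers on OPT1.
pass in quick on $opt1_if reply-to ($opt1_if $opt1_gw) proto tcp \
    from any to 192.168.0.10 port 80 keep state

# Let the translated traffic out on both upstream interfaces.
pass out quick on { $wan_if, $opt1_if } keep state
```

The point to check after applying such a ruleset is the state table: with `pfctl -ss` a connection from 192.168.0.0/24 should show a 203.0.113.x source on OPT1, while one from 10.1.0.0/16 should show the single WAN address, which confirms each subnet is taking the intended translation rather than both falling through to the outbound NAT.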

