Netgate Discussion Forum

    1:1 NAT and outbound NAT's on same box

    • rklopoto

      Hello,

      I'll try to condense this as much as possible, but can expand on details if needed.  I am running pfSense 1.2.2 on a box that has 3 NICs.  LAN is connected to a private network.  This private network consists of roughly 12 class C private IP ranges.

      WAN is connected to our ISP via a router using IP addresses given to us by that ISP (a /25).  OPT1 is also considered a WAN connection, and is connected to that same router but uses a different subnet/gateway (a /20).

      My intention of all this is to 1:1 NAT several /24's from the /20 directly to the 192.168.x.x networks, and have the 10.1.1.0/16 NAT (and other similar networks not shown) through a single IPs from the /25 using Outbound NAT.

      This is a simple drawing of the way it's plugged in now:

      10.1.1.0/16   192.168.0.0/24   192.168.1.0/24
           |              |                |
           ---------------------------------
                          |
                         LAN
                       PFSENSE
                       |     |
             WAN ______|     |______ OPT1
              |                        |
          X.X.X.0/25             X.X.240.0/20
              |                        |
              -----------HUB------------
                          |
                      ISP ROUTER

      If I set NATs on the OPT1 interface using firewall rules (changing the gateway) and using outbound NAT, I can get the 192.168.0.0 network to NAT through 1 of the x.x.240.0 addresses, but I can't get the NAT 1:1 of one /24 to another to work.  Is it possible to use NAT 1:1 and outbound NAT at the same time for different subnets, or is it all or nothing?

      I should also mention that I have created the Virtual IPs for each of the ranges I am trying to nat (/24's).
      Thanks in advance for any help.

      • SB HidDeN

        Do you really need OPT1 connected to the same ISP?
        Maybe you could find something using 'Virtual IP' instead of an additional NIC.

        IMHO the better way…

        • rklopoto

          Thanks for the reply.

          I believe that I need both interfaces, as the gateway for each IP range is different.  I'm unsure of how a virtual IP would work when I need those IPs routed to a different subnet, even if it's on the same interface.

          I got the 1:1 NATs working last night by playing with the firewall rules a little more.  I now have a setup where I have some 1:1 NATs and also have Advanced Outbound NAT set up.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.