Moving from VYOS to PSFSENSE

simonuk1

I have a setup that we have production labs isolated behind 2 vyos routers.
I have succesfully replaced the external VYOS firewall with pfsense, however I have having trouble replicating the nat transaltion i have in the internal firewall from VYOS to PFSENSE.

The config in VYOS is :
nat {

 destination {
     rule 10 {
         description "Management Servers - for packets arriving on eth0 rewrite destination 10.1.120.x -> 192.168.120.x"
         destination {
             address 10.1.120.0/24
         }
         inbound-interface eth0
         source {
         }
         translation {
             address 192.168.120.0/24
         }
       }
     }
 }

 source {
     rule 10 {
         description "Management Servers - for packets leaving on eth0 rewrite source 192.168.120.x -> 10.1.120.x"
         outbound-interface eth0
         source {
             address 192.168.120.0/24
         }
         translation {
             address 10.1.120.0/24
         }
     }
 }

}

Is this easy to replicate in PSFSENSE ???

NogBadTheBad

Isn't the above just doing a 1:1 nat x 254 ?

Is there a specific reason to nat RFC1918 address space ?

https://www.netgate.com/docs/pfsense/nat/1-1-nat.html

simonuk1

Yes, I am nat'ing a full subnet as the same subnet exist in Production and we are hiding the lab network behind 2 firewall so as to make sure that the lab network never gets out into the production network as anything the than it Masked NAT subnet.

NogBadTheBad

Never done it myself but try:-

https://www.netgate.com/docs/pfsense/book/nat/1-1-nat.html#example-ip-address-range-1-1-configuration

addarcz

This post is deleted!