1. Home
  2. pfSense® Software
  3. NAT
  4. 2 public subnets / reach services behind

2 public subnets / reach services behind

  • K

    Hello guys.
    I am planning to get rid of an old linux based firewall (iptables)
    WAN part is a public /29 and LAN is also a public /24 with services like webservers / mail servers...
    Basically the firewall allows for each internal IP specific ports to be reachable from outside.
    I know the classic forwarding NAT WAN IP -> LAN IP but in this case it's something different since I have to be able to reach LAN part with the LAN IP insead of the relative WAN IP.
    For example pfsense interfaces:
    WAN: 100.100.100.1/29 GW 100.100.100.6/29
    LAN: 200.200.200.1/24
    I should be able to reach from outside 200.200.200.7:22(ssh) / :80(website)...
    Is it possible?

    0
  • Derelict
    LAYER 8 Netgate

    Yes. Assuming 200.200.200.0/24 is actually routed to 100.100.100.1 by the ISP.

    Just number the LAN with 200.200.200.1/24.

    Go to Firewall > NAT, Outbound, switch to Hybrid mode, and make a NO NAT rule on WAN for traffic sourced from 200.200.200.0/24

    Make a firewall rule on WAN passing traffic from any to 200.200.200.X TCP port 22/80.

    0
  • K

    Thank you Derelict for your answer.
    I confirm your suggestion worked like a charm!

    1
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy