1 to 1 configuration issue

  • Hello everybody, first of all here is what I am trying to achieve:

    I have a pfSense firewall (a CARP-based cluster to be more precise) with a public IP configured on WAN interface, and communications / NAT to LAN work without problems. Now I configured a second public IP on the same WAN interface, and I want to map it 1:1 on a server that is on the LAN behind pfSense firewall.

    I followed the documentation and configured a 1:1 NAT, and now the server on the LAN is correctly reachable from the internet, but I have two issues:

    • Connections (e.g. on apache web server, or SSH) from the internet are always seen as coming from the pfSense firewall LAN IP in the logs, I do not see public IPs in the log files.
    • If from the server itself I try to access the public IP NATted on the server, the pfSense web interface appears, and the same happens with SSH. I add an example:
      LAN IP: root@serverLAN: ssh root@ -> I correctly connect to the LAN server
      WAN IP mapped 1-1: root@serverLAN: ssh root@212.23.XXX.XXX -> I connect to pfSense and not to the LAN server

    As far as I understood I need to enable NAT reflection, so I followed this documentation: https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html but I did not manage to solve the problem. What am I doing wrong? Is it possible to achieve what I am trying to do?

Log in to reply