Netgate Discussion Forum

    1:1 NAT with WAN interface IP

      adams79

      Hello,
      I'm using pfSense as a "simple" failover and load-balancing appliance. I have two DSL connections from different ISPs. Each connection is connected (with the ISP's router) in 1:1 with the WAN and OPT1 interfaces. I have only a single static IP on each connection. I've set 1:1 NAT for the OPT1 interface without any problem, but I can't do this on the WAN interface. On my WAN interface I have 192.168.0.2 as the IP (gateway 192.168.0.105). I need to make a 1:1 NAT of this IP to an internal IP. Currently I've created a port forwarding for 1-65535 and I've set the static port option in outbound NAT, but I don't know if this is correct.

      Thank you

        GruensFroeschli

        Yes, you cannot use multiple 1:1 NAT forwards (which makes sense if you think about it).

        Forwarding 1-65535 two times and setting the static port option is a solution.

        However, since I'm not a fan of 1:1, forwarding 1-65535 seems a bit of overkill to me.
        Could you just allow single ports with the firewall?
        Why don't you create an alias containing all the ports you want to forward,
        and then use this alias in the port forward rule and in the firewall rule.

        If you want to add a port to the allowed list, you just have to change this alias.
        (And you don't even forward all ports by default).

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
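
The trade-off discussed in this reply can be checked against a configuration backup. The following is an added example (not part of the thread and not Netgate code) that flags port forwards covering a wide range such as 1-65535 and shows how an alias-based forward compares. The XML element names are assumed to match pfSense's config.xml; the alias name, its ports and the threshold are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt; element names are assumed to follow pfSense's config.xml.
# The alias "MailGwPorts" and its ports are hypothetical.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>MailGwPorts</name><type>port</type><address>25 80 443</address></alias>
  </aliases>
  <nat>
    <rule>
      <interface>wan</interface><protocol>tcp/udp</protocol>
      <destination><network>wanip</network><port>1-65535</port></destination>
      <target>192.168.3.2</target>
    </rule>
    <rule>
      <interface>opt1</interface><protocol>tcp</protocol>
      <destination><network>opt1ip</network><port>MailGwPorts</port></destination>
      <target>192.168.3.2</target>
    </rule>
  </nat>
</pfsense>"""

MAX_PORTS = 1024  # hypothetical review threshold, not a pfSense setting

def port_count(spec, aliases):
    """Ports covered by a single port, a lo-hi / lo:hi range, or a port alias."""
    if spec in aliases:
        rest = {k: v for k, v in aliases.items() if k != spec}  # stop self-reference
        return sum(port_count(p, rest) for p in aliases[spec].split())
    lo, _, hi = spec.replace(":", "-").partition("-")
    return int(hi or lo) - int(lo) + 1  # ValueError on an unknown alias name

def audit(config_xml, max_ports=MAX_PORTS):
    """Return one finding per port forward, flagging those wider than max_ports."""
    root = ET.fromstring(config_xml)
    aliases = {a.findtext("name"): a.findtext("address", "")
               for a in root.iterfind("aliases/alias") if a.findtext("type") == "port"}
    findings = []
    for rule in root.iterfind("nat/rule"):
        spec = rule.findtext("destination/port", "")
        if not spec:  # rules for protocols without ports have nothing to count
            continue
        count = port_count(spec, aliases)
        findings.append({"interface": rule.findtext("interface"), "ports": spec,
                         "target": rule.findtext("target"), "count": count,
                         "uses_alias": spec in aliases, "too_wide": count > max_ports})
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```
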

          adams79

          Hello,
          thank you for your reply… Currently I'm using this configuration because all the traffic will come into another firewall on which I manage the right port forwardings (if I add to pfSense only the port forwardings that I need, I will also need to configure this when I need a new rule)... If you are thinking that this is useless, you're right, but I'm using this configuration because I need the two WAN connections and at the moment I'm not ready to change the other firewall (because it is also a mail gateway with antispam and antivirus). I know the spamd package, but as I read on the forum there are some problems with it (and currently I manage 200 mailboxes in 5/6 domains). I think that a better solution would be to use bridged mode between the firewall and pfSense, but I have no idea how I can do this with the two LAN connections... and I don't know if in bridged mode I'll be able to load balance the two WAN connections... My current IP configuration is:

          PublicIP 1 --> DSL ROUTER (192.168.2.1) --> WAN PFSENSE (192.168.2.2) --> LAN PFSENSE (192.168.3.1) --> My old Firewall (192.168.3.2)
                                                                                                                                  ^
          PublicIP 2 --> DSL ROUTER (192.168.0.105) --> OPT PFSENSE (192.168.0.2) ------------|
          NOTE: FOR THIS CONNECTION (PUBLIC IP2) I CAN'T ACCESS/MANAGE THE ROUTER THAT IS PROVIDED BY THE ISP... they've configured a 1:1 NAT on 192.168.0.2 for the incoming IP

          Thank you for your time...
