Static IP NAT to LAN IP

slkamath

Hi,

We want to access our file server from anywhere (Cloud).

We are using pfSense as Firewall & Router & DNS Server.

Our ISP has given 2 sets of Static IP Range. The Ip ranges are as connected in our pfSense box.

a. 203.xxx.xxx.154/31 - WAN IP
b. 182.xxx.xxx.23/29 - OPT1 IP
c. 192.168.1.1/24 - LAN IP

Our File Server LAN IP is 192.168.1.254/24 & we want to access over internet via IP 182.xxx.xxx.28/29

How to configure this in pfSense box?

Please guide me.

Thanks & Regards
Lokesh Kamath

viragomann

@slkamath said in Static IP NAT to LAN IP:

Our ISP has given 2 sets of Static IP Range. The Ip ranges are as connected in our pfSense box.
a. 203.xxx.xxx.154/31 - WAN IP
b. 182.xxx.xxx.23/29 - OPT1 IP
c. 192.168.1.1/24 - LAN IP

Two IP ranges from only one provider on different interfaces??
So you have splitted your line by a switch to go into two interfaces? That makes no sense at all.

@slkamath said in Static IP NAT to LAN IP:

We want to access our file server from anywhere (Cloud).

Which protocol?
I presume, you use a protocol with data encryption like https for accessing the file server.

So you have to add a NAT port-forwarding rule for your external IP and to the files servers IP and port. To do that, you have to know the ports used by the file server.

slkamath

@viragomann Thank you.

2 IP ranges from 1 provider - yes.

Both IP's Gateway is configured in L2 Switch (this is provided by ISP).
From L2 Switch it is connected to pfSense.

I did the below step's (If I am wrong please guide me).

In pfSense there are 2 NW ports WAN & LAN. 1 OPT1 Port.

So I configured OPT1 as /29 Gateway IP. Added 1 IP in VIP's. I can Ping /29 Gateway. But not VIP's.

I also did the NAT. External IP as VIP's IP & Internal (NAT IP as) /24 IP. Port as HTTPS. But I didn't get any response to this. Getting message as Problem Loading Page.

Lokesh Kamath

slkamath

can someone guide me?
Lokesh Kamath

viragomann

It would be better to post some screenshots of your configuration here, so we can get what you really did.

@slkamath said in Static IP NAT to LAN IP:

Added 1 IP in VIP's.

Which kind of VIPs?

@slkamath said in Static IP NAT to LAN IP:

I can Ping /29 Gateway. But not VIP's.

From where?

@slkamath said in Static IP NAT to LAN IP:

I also did the NAT. External IP as VIP's IP & Internal (NAT IP as) /24 IP. Port as HTTPS.

What??
Post screenshots, so we can see.

Crunk_Bass

Assuming your /29 IP address range gets routed to your 203.xxx.xxx.154 you should not have to add any virtual IPs.
A NAT rule on the WAN interface should be enough.

The problem is, that 182.xxx.xxx.28/29 is not within your allocated subnet.

Your subnet is 182.xxx.xxx.16/29 so you can use 182.xxx.xxx.17 to 182.xxx.xxx.22.
The 182.xxx.xxx.23 you configured on your OPT1 interface is your BROADCAST address.
You can not use this address for your Interface if you want to have hosts connected to it for a DMZ using public IP addresses.

Take a look at a subnet calculator. It can help you with configuring the right IP addresses.
http://jodies.de/ipcalc?host=182.0.0.23&mask1=29&mask2=

slkamath

@viragomann Thank you so much.

Will post the screenshots in couple of days.

Lokesh Kamath

slkamath

@Crunk_Bass Thank you so much.

I will do the way you guided me and will inform you the result.

Lokesh Kamath