Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Static IP NAT to LAN IP

    Scheduled Pinned Locked Moved NAT
    8 Posts 3 Posters 760 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • slkamathS
      slkamath
      last edited by

      Hi,

      We want to access our file server from anywhere (Cloud).

      We are using pfSense as Firewall & Router & DNS Server.

      Our ISP has given 2 sets of Static IP Range. The Ip ranges are as connected in our pfSense box.

      a. 203.xxx.xxx.154/31 - WAN IP
      b. 182.xxx.xxx.23/29 - OPT1 IP
      c. 192.168.1.1/24 - LAN IP

      Our File Server LAN IP is 192.168.1.254/24 & we want to access over internet via IP 182.xxx.xxx.28/29

      How to configure this in pfSense box?

      Please guide me.

      Thanks & Regards
      Lokesh Kamath

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @slkamath
        last edited by

        @slkamath said in Static IP NAT to LAN IP:

        Our ISP has given 2 sets of Static IP Range. The Ip ranges are as connected in our pfSense box.
        a. 203.xxx.xxx.154/31 - WAN IP
        b. 182.xxx.xxx.23/29 - OPT1 IP
        c. 192.168.1.1/24 - LAN IP

        Two IP ranges from only one provider on different interfaces??
        So you have splitted your line by a switch to go into two interfaces? That makes no sense at all.

        @slkamath said in Static IP NAT to LAN IP:

        We want to access our file server from anywhere (Cloud).

        Which protocol?
        I presume, you use a protocol with data encryption like https for accessing the file server.

        So you have to add a NAT port-forwarding rule for your external IP and to the files servers IP and port. To do that, you have to know the ports used by the file server.

        1 Reply Last reply Reply Quote 0
        • slkamathS
          slkamath
          last edited by

          @viragomann Thank you.

          2 IP ranges from 1 provider - yes.

          Both IP's Gateway is configured in L2 Switch (this is provided by ISP).
          From L2 Switch it is connected to pfSense.

          I did the below step's (If I am wrong please guide me).

          In pfSense there are 2 NW ports WAN & LAN. 1 OPT1 Port.

          So I configured OPT1 as /29 Gateway IP. Added 1 IP in VIP's. I can Ping /29 Gateway. But not VIP's.

          I also did the NAT. External IP as VIP's IP & Internal (NAT IP as) /24 IP. Port as HTTPS. But I didn't get any response to this. Getting message as Problem Loading Page.

          Lokesh Kamath

          C 1 Reply Last reply Reply Quote 0
          • slkamathS
            slkamath
            last edited by

            can someone guide me?
            Lokesh Kamath

            1 Reply Last reply Reply Quote 0
            • V
              viragomann
              last edited by

              It would be better to post some screenshots of your configuration here, so we can get what you really did.

              @slkamath said in Static IP NAT to LAN IP:

              Added 1 IP in VIP's.

              Which kind of VIPs?

              @slkamath said in Static IP NAT to LAN IP:

              I can Ping /29 Gateway. But not VIP's.

              From where?

              @slkamath said in Static IP NAT to LAN IP:

              I also did the NAT. External IP as VIP's IP & Internal (NAT IP as) /24 IP. Port as HTTPS.

              What??
              Post screenshots, so we can see.

              slkamathS 1 Reply Last reply Reply Quote 0
              • C
                Crunk_Bass @slkamath
                last edited by Crunk_Bass

                Assuming your /29 IP address range gets routed to your 203.xxx.xxx.154 you should not have to add any virtual IPs.
                A NAT rule on the WAN interface should be enough.

                The problem is, that 182.xxx.xxx.28/29 is not within your allocated subnet.

                Your subnet is 182.xxx.xxx.16/29 so you can use 182.xxx.xxx.17 to 182.xxx.xxx.22.
                The 182.xxx.xxx.23 you configured on your OPT1 interface is your BROADCAST address.
                You can not use this address for your Interface if you want to have hosts connected to it for a DMZ using public IP addresses.

                Take a look at a subnet calculator. It can help you with configuring the right IP addresses.
                http://jodies.de/ipcalc?host=182.0.0.23&mask1=29&mask2=

                slkamathS 1 Reply Last reply Reply Quote 0
                • slkamathS
                  slkamath @viragomann
                  last edited by

                  @viragomann Thank you so much.

                  Will post the screenshots in couple of days.

                  Lokesh Kamath

                  1 Reply Last reply Reply Quote 0
                  • slkamathS
                    slkamath @Crunk_Bass
                    last edited by

                    @Crunk_Bass Thank you so much.

                    I will do the way you guided me and will inform you the result.

                    Lokesh Kamath

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.