Netgate Discussion Forum

    NAT 1:1 not connecting to repositories.

      ElliotL

      Hi there!

      Got a set of servers on a private IP range (10.0.1.x) that need to have occasional internet access for things like server updates. To do this we have created some 1:1 NAT Rules that we can manually turn on or off as the servers need it.

      Our virtual IP range (public IPs, 185.216.x.x) has been created as individual /32s and set as Proxy ARP type.

      On the NAT Mappings, we have it set as:

      Interface (WAN), External IP (185.216.x.x), Internal IP (10.0.1.x, where the last x is the same for the external IP and internal IP. For example, 185.216.0.10 goes to 10.0.1.10). Destination IPs are set to any.

      The servers can ping 1.1.1.1 with no issue.
      The servers can ping google.com with no issue.

      However, when it comes to doing something like apt-get update, or curl icanhazip.com, the servers fail to resolve or connect to the repository.

      pfSense is currently just configured to forward all DNS to 1.1.1.1, 1.0.0.1, 8.8.8.8 and 8.8.4.4. There's also a blank firewall rule to allow any WAN traffic to pass to the LAN IPs whilst we diagnose.

      Any idea why this would be?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.