Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    1:1 nat

    Scheduled Pinned Locked Moved NAT
    10 Posts 3 Posters 286 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      erdeed
      last edited by erdeed

      My Internet service provider gives me a block of 64 IPv4. How can host a Wireguard VPN server and do 1:1 nat with Pfsense?

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @erdeed
        last edited by

        @erdeed Is the wireguard server pfsense itself or a server behind pfsense?

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        E 1 Reply Last reply Reply Quote 0
        • E
          erdeed @michmoor
          last edited by

          @michmoor I have a server (Proliant DL20 Gen11) and I was wondering if I can install Pfsense on it to host a Wireguard VPN server and do 1:1 nat.

          M 1 Reply Last reply Reply Quote 0
          • M
            michmoor LAYER 8 Rebel Alliance @erdeed
            last edited by

            @erdeed pfSense can run wireguard and terminate remote clients without issue.
            I assume as part of your /26 assignment, pfsense will get a public IP. If so you don't need a 1:1 NAT as there is nothing to NAT.

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            E 1 Reply Last reply Reply Quote 0
            • E
              erdeed @michmoor
              last edited by

              @michmoor I have a block of 64 public IP. Can I nat each IP of this block to each clint connected to my server?

              M 1 Reply Last reply Reply Quote 0
              • M
                michmoor LAYER 8 Rebel Alliance @erdeed
                last edited by

                @erdeed Why would you need to NAT anything if pfsense is the wireguard server (it has the wireguard package installed) and clients connect to pfsense using the public IP given to you by your service provider.

                Firewall: NetGate,Palo Alto-VM,Juniper SRX
                Routing: Juniper, Arista, Cisco
                Switching: Juniper, Arista, Cisco
                Wireless: Unifi, Aruba IAP
                JNCIP,CCNP Enterprise

                E 1 Reply Last reply Reply Quote 0
                • E
                  erdeed @michmoor
                  last edited by

                  @michmoor I see.
                  The idea by hosting my own VPN is to assign a specific IPv4 from my block to each client that is connected to my server with the wireguard, that way they have that public IP from the block my ISP give. Can achieve this with PFsense?

                  E 1 Reply Last reply Reply Quote 0
                  • E
                    erdeed @erdeed
                    last edited by

                    @michmoor ??

                    S 1 Reply Last reply Reply Quote 0
                    • S
                      SteveITS Galactic Empire @erdeed
                      last edited by

                      @erdeed Do you want the devices to have public IPs directly? If not 1:1 will forward inbound traffic.

                      https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html

                      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                      Upvote 👍 helpful posts!

                      E 1 Reply Last reply Reply Quote 0
                      • E
                        erdeed @SteveITS
                        last edited by erdeed

                        @SteveITS Thank you so much. Let me take a look at this article.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.