NAT to address range



  • Hello Everybody;

    I have the situation below:

    LAN (x.x.x.x) -------- pfSense (192.168.10.1) -------- WAN (192.168.10.0)

    I want to translate every address coming from the LAN to the WAN interface into an address from the WAN network 192.168.10.0/24.
    For the test, I used SharkWire on a network interface of a machine in the WAN (Pc2) to see the packets coming from an interface in the LAN (Pc1) when executing ping.

    Pc1 (LAN) -------->ping-------> Pc2 (WAN)

    With Firewall : NAT : Outbound, I chose Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)).

    This is my mapping:

    1st case:

    Interface  Source         Source Port  Destination      Destination Port  NAT Address             NAT Port  Static Port
    WAN        172.16.0.0/17  *            192.168.10.0/24  *                 * (=Interface address)  *         NO

    On the SharkWire, the ping command from Pc1 to Pc2 showed me packets coming from 192.168.10.1 to 192.168.10.x, so the mapping is fine; I've used the WAN interface address as outgoing address for all addresses from the LAN.

    2nd case:

    Interface  Source         Source Port  Destination      Destination Port  NAT Address   NAT Port  Static Port
    WAN        172.16.0.0/17  *            192.168.10.0/24  *                 192.168.10.2  *         NO

    192.168.10.2 is a virtual IP single address.
    I could see packets really coming from x.x.x.x to the WAN as coming from 192.168.10.2, which is OK.

    3rd case:

    Interface  Source         Source Port  Destination      Destination Port  NAT Address   NAT Port  Static Port
    WAN        172.16.0.0/17  *            192.168.10.0/24  *                 192.168.10.0  *         NO

    In this case, I want addresses from the LAN to be translated into addresses from a range which I specify. When making virtual IP addresses, I have the choice to make single or network. I chose network and I specified the same network as the WAN, 192.168.10.0/24, but when sniffing the traffic between Pc1 and Pc2, the translation is made into 192.168.10.0 and 192.168.10.1, which is weird, and besides I can't use any address from this range anymore to attribute it to any PC in the WAN; it keeps the whole address range. How to do it?

    Thanks for your concern in advance.



  • You cannot specify a range as NAT IP.
    You will have to create as many NAT rules as you have Virtual IPs.



  • Thanks.

    OK, but why do I have this option of network in the virtual IP address? It won't be practical to put as many rules as I have addresses.
    Is it the same line in each mapping with a difference just in NAT address, meaning:

    Interface  Source         Source Port  Destination      Destination Port  NAT Address   NAT Port  Static Port
    WAN        172.16.0.0/17  *            192.168.10.0/24  *                 192.168.10.2  *         NO
    WAN        172.16.0.0/17  *            192.168.10.0/24  *                 192.168.10.3  *         NO
    WAN        172.16.0.0/17  *            192.168.10.0/24  *                 192.168.10.4  *         NO
      .
      .
      .

    When I specify my network in the virtual IP and then return to edit the Virtual IP address, I find that it is a single address, which is confusing!!
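    As an added illustration (not from this thread or from pfSense itself), a small Python helper that expands a VIP range into the one-rule-per-VIP Manual Outbound NAT table the reply above asks for, and rejects the two addresses the third case translated to: 192.168.10.0 (the network address of 192.168.10.0/24) and 192.168.10.1 (the WAN interface address). The source, destination and WAN values are taken from the posts; the range 192.168.10.0-192.168.10.5 is constructed for the example.

```python
import ipaddress

# Values taken from the thread; the sample range in main() is constructed.
LAN_SOURCE = "172.16.0.0/17"      # Source column of the outbound NAT rules
WAN_NET = "192.168.10.0/24"       # WAN subnet the NAT addresses must belong to
WAN_IF_ADDR = "192.168.10.1"      # pfSense WAN interface address
DESTINATION = "192.168.10.0/24"   # Destination column of the rules


def is_valid_nat_address(addr, wan_net=WAN_NET, wan_if_addr=WAN_IF_ADDR):
    """A usable NAT address is a host inside the WAN subnet that is neither
    the network/broadcast address nor the firewall's own interface address.
    Both translations observed in the 3rd case (.0 and .1) fail this check."""
    net = ipaddress.ip_network(wan_net)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return False
    reserved = (net.network_address, net.broadcast_address,
                ipaddress.ip_address(wan_if_addr))
    return ip not in reserved


def vip_pool(first, last, **kw):
    """Expand an inclusive address range into the single VIPs that pass the check."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("range start is after range end")
    return [str(ipaddress.ip_address(i)) for i in range(int(lo), int(hi) + 1)
            if is_valid_nat_address(str(ipaddress.ip_address(i)), **kw)]


def build_aon_rules(vips, source=LAN_SOURCE, destination=DESTINATION, interface="WAN"):
    """One Manual Outbound NAT row per VIP, in the column order used in the posts."""
    return [(interface, source, "*", destination, "*", vip, "*", "NO") for vip in vips]


def format_rules(rules):
    """Render the rows as an aligned plain-text table like the ones in the thread."""
    header = ("Interface", "Source", "Source Port", "Destination",
              "Destination Port", "NAT Address", "NAT Port", "Static Port")
    rows = [header] + [tuple(map(str, r)) for r in rules]
    widths = [max(len(r[i]) for r in rows) for i in range(len(header))]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(r, widths)).rstrip()
                     for r in rows)


if __name__ == "__main__":
    # Deliberately start at .0 so the network and interface addresses get dropped.
    pool = vip_pool("192.168.10.0", "192.168.10.5")
    print(format_rules(build_aon_rules(pool)))
```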



  • You can specify ranges of VIPs only with PARP.
    This can be useful if you want to 1:1 NAT map a whole range at once.

    But usually you define the VIPs for such a usage as single IPs.

    You can also not use aliases in the Advanced outbound NAT rules :(

