Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VIP's nat1:1 help newbie

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    2
    3
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bassan8or
      last edited by

      So i have been using pfsense for awhile, but only for basic functions. now with oceanic not allowing me to change modem settings, i have to use it in a more elaborate way.

      basically this is what i want to happen

      i have 14-15 static ip's from my cable.

      i want the computers to use the pfsense router with the main IP. then i want the xbox's to have virtual ips with a 1:1 nat setup and the appropriate ports forwarded for online play with open nat.

      i have installed a network card for the opt1. and assigned the interfaces. on the server screen it shows none for an ip. i have tried this with all of the xbox's on.

      i have also tried setting up a single virtual ip with another static ip that is in my range. and configured the nat to forward the selected ports for it. to a static internal ip of 192.168.0.21. I would figure that the subnet would be the same as the router for internal ips of 255.255.255.0. and the gateway would be the same of the router. but i am not positive. the router gateway is 192.168.0.2

      under the interfaces i am a bit confused with setup process.

      i enable it, and im not sure if i need to bridge it with WAN. or leave it blank and choose an ip. but then what ip do i choose?

      and can i even do what i need to do. basically set up 8 virtual ips with all static public IP's then choose internal nat rules that use each of the public ip's with the proper nat port forwards.

      thanks any help would be great

      1 Reply Last reply Reply Quote 0
      • S
        scoop
        last edited by

        Hi,

        There are (at least) two ways to solve this.

        You could opt for bridging the WAN interface with OPT1 and use pfSense as a filtering bridge. That way you can just configure the cable static IP's on the Xbox's themselves. That way they will use your ISP default gateway and DNS etc. and you can skip the hassle of configuring NAT. The downside is that your Xbox's will only be able to access the WAN IP of pfSense which might limit you in some way. Another downside is network access from the Xbox's to  the regular LAN (192.168.x.x) is not possible unless you configure the firewall to allow traffic from/to these subnets explicitly on the WAN interface (and it's not a particular beautiful or secure thing to do).

        Another way is configuring a separate private subnet (i.e. 192.168.2.xxx) for the Xbox's, create 14-15 Virtual IP's and create 1:1 NAT mappings from the static cable IP's to the corresponding internal private IP's of the Xbox's (192.168.2.xxx). This way it's easier and nicer to configure access between the regular LAN and the Xbox LAN, since you just create the appropriate rules on the corresponding interfaces (i.e. Allow any from LAN subnet on LAN interface, and Allow any from Xbox subnet on OPT1 interface).

        Also, in theory there is no need to create a separate subnet for this, or even use a separate interface for that matter. You could just put your Xbox's in the regular LAN, create static DHCP entries for your Xbox's and create the VIP's and 1:1 NAT mappings. But having a separate interface for a DMZ so to speak of course isn't a bad idea.

        First you decide how you want to setup your network topology, then usually the setup / configuration with pfSense is a walk in the park. ;)

        1 Reply Last reply Reply Quote 0
        • B
          bassan8or
          last edited by

          we basically couldnt get any configuration to work with the opt1 output. so we gave up on that.

          currently we have it configured back to the cable modem smc 8014. that has 1 cable go to the pfsense. and 1 cable go to a switch with the xbox's on it. using static ip's.
          this way has intermittent issues with allowing the xbox's to stay connected. they always have to retry connection to get it to work.

          so now i had an oceanic tech replace the modem. but it is still having the same problem. where it does not always pull the static ip's correctly. they tell me anything after the modem is not their problem. even though all im doing is adding a switch to the modem to allow more ip's to be pulled.

          basically i want them to put it in s pseudo bridge mode with statics. this disables everything on the modem/router to allow my devices to pull everything how they want. but oceanic does not support this mode and will not allow the user to put it into this mode. so im at a loss of what to do.

          so the tech was cool, and we actually are neighbors. so maybe he will find the right level 3 tech that can help me with my problem

          1 Reply Last reply Reply Quote 0
          • First post
            Last post