Netgate Discussion Forum

    NAT 1:1 question

      hollicor

      Hi

      I just ditched our Cisco router and installed a pfSense box and got it to work thanks to the great minds here in the pfSense forum!
      One of the things that made us shift to pfSense was its NAT 1:1 feature that was also present in our Cisco router. Now I have a bunch of public IP addresses that I want to assign to several internal IP addresses in our network. This is where I need help.

      Okay so I added all the public IP addresses that I wanted to bind in our internal network but it confuses me since we were not given any subnet mask by our ISP regarding the public IP addresses they provided us. So I don't know what to set in the /32 part.

      Would it be okay if I just place my public IP then /32 resulting in

      121.96.xx.xxx/32 for the external then I would like to assign it to
      192.168.x.x for the internal part?

      If that is good, do I have to make a rule in the firewall to allow the source IP to the destination IP?

      Basically we are using NAT 1:1 because we want to utilize our Asterisk server in the office to make calls at home.

      Any insight, opinion and help is very much appreciated.

      Thanks!!!  :D

        Gob

        Hi
        If you don't have the subnet details for your public IPs, add them individually to Firewall | Virtual IPs with a /32 subnet.
        In Firewall | NAT | 1:1, create a rule for each public IP that needs 1:1 NAT, also specify a single internal IP and a /32 for the internal subnet.

        1:1 traffic also passes through the firewall filter so you will have to create firewall rules to allow traffic through.

        Hope this helps.
        Gordon

        If I fix one more thing than I break in a day, it's a good day!

          Gob

          ps…
          You may also find that you have to change the Outbound NAT to manual and select Static Port for your Asterisk to work with NAT.

          An alternative solution is to put a public IP directly on your asterisk box and hook it up to another interface on pfSense that is bridged to your WAN. That way there is no NAT involved (which Asterisk prefers) and the bridged interface still goes through the firewall filter so you can still block traffic.

          I have sites with both methods used for asterisk and both work!

          G

            hollicor

            Hi gob!

            Thanks again for helping me.

            So first, you want me to add the public IPs individually as Virtual IPs, as Proxy ARP or as Other?
            Second, add them again in the NAT 1:1 under the firewall tab.
            Third, create a LAN or WAN firewall rule manually that will allow the source IP to the destination IP, correct?

            Regarding your other alternative, we have 3 Asterisk servers here in the office, so should I add 3 more NICs to our pfSense box and connect them directly to the new NICs and bridge them all to the WAN interface?

            Thanks again Gob. Sorry if I'm such a hassle  ;D

              Gob

              No hassle at all.

              Yes, correct regarding the NATing.
              OR
              Add one bridged interface to pfSense. Plug that into a switch and plug your 3x Asterisk into that switch.
              Set the public IPs straight on the Asterisk boxes and configure their gateway to the IP of your Modem/Router.

              G.

                hollicor

                Can I just bridge the current LAN interface since it's already connected to a switch that is connected to the 3x Asterisk and all other switches in our network? Thanks Gob!

                  hollicor

                  Gob,

                  I'm trying to add the rules right now and I'm a bit confused.

                  I'm currently in Firewall | Rules | WAN

                  Should I type in the Public IPs in the source field and the internal IP address at the destination field? Thanks!

                    Gob

                    If all you have on your LAN are devices with public IPs then you could bridge your LAN. However, if you also have regular computers that need NAT then it won't work. You'll need a separate interface from your LAN.
                    I will have to check the rules on one of my pfSense boxes when I get to the office later.

                      Gob

                      For 1:1 NAT rules, the source on the WAN tab is 'Any' if you want it open to the whole internet, whilst the destination is the internal IP.

                      If using the bridged interface option, the destination is the public IP on the Asterisk.

                      If I fix one more thing than I break in a day, it's a good day!
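
Added example, not part of the thread: a small Python model of why the WAN rule for a 1:1 mapping names the internal IP. Inbound 1:1 NAT rewrites the destination before the WAN rules are evaluated, so a rule written against the public IP never matches. The addresses are constructed placeholders for the elided ones in the thread, and UDP 5060 for SIP is an assumption, since Asterisk ports depend on configuration.

```python
import ipaddress

# Constructed placeholder addresses (the thread elides the real ones).
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")    # stands in for 121.96.xx.xxx
INTERNAL_IP = ipaddress.ip_address("192.168.1.10")  # stands in for 192.168.x.x
HOME_IP = "198.51.100.25"                           # hypothetical home caller

# 1:1 NAT table: one external /32 mapped to one internal /32.
ONE_TO_ONE = {PUBLIC_IP: INTERNAL_IP}

def translate_inbound(dst):
    """Inbound 1:1 NAT rewrites the destination before the filter sees it."""
    return ONE_TO_ONE.get(dst, dst)

def wan_allows(rules, src, dst, proto, port):
    """First matching WAN rule wins; no match falls through to default deny."""
    src = ipaddress.ip_address(src)
    dst = translate_inbound(ipaddress.ip_address(dst))
    for rule in rules:
        low, high = rule["ports"]
        if (src in ipaddress.ip_network(rule["src"])
                and dst in ipaddress.ip_network(rule["dst"])
                and proto == rule["proto"]
                and low <= port <= high):
            return rule["action"] == "pass"
    return False

def rule(src, dst, proto="udp", ports=(5060, 5060)):
    # Assumed SIP signalling port; adjust to the actual Asterisk configuration.
    return {"action": "pass", "src": src, "dst": dst,
            "proto": proto, "ports": ports}

# Destination set to the public IP: never matches after translation.
RULES_PUBLIC_DST = [rule("0.0.0.0/0", "203.0.113.10/32")]
# Destination set to the internal IP, source 'Any': open to the whole internet.
RULES_INTERNAL_DST = [rule("0.0.0.0/0", "192.168.1.10/32")]
# Same destination, but the source is limited to the known home address.
RULES_SCOPED = [rule(HOME_IP + "/32", "192.168.1.10/32")]

if __name__ == "__main__":
    for name, rules in [("public dst", RULES_PUBLIC_DST),
                        ("internal dst, any src", RULES_INTERNAL_DST),
                        ("internal dst, scoped src", RULES_SCOPED)]:
        for src in (HOME_IP, "192.0.2.77"):
            ok = wan_allows(rules, src, str(PUBLIC_IP), "udp", 5060)
            print(f"{name:26} from {src:15} -> {'pass' if ok else 'block'}")
```
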

                        hollicor

                        Okay Gob! Will try to do that and give you feedback.

                        ps

                        Where can I find the port that Asterisk uses again? astGui.conf?

                        Thanks!

                          Gob

                          Asterisk uses lots of ports depending on how it is configured and what kind of trunks you are using.
                          I use the Trixbox distro of Asterisk so can't really comment on your setup.
                          That's one for the Asterisk forums I'm afraid.

                            hollicor

                            We're using vicidial.

                            I'll try to check with their forum. Thanks man!
