    Firewall: NAT: 1:1 problems

      Citymesh

      Hi,

      I have pfSense beta version 2.0-BETA4, NanoBSD version.

      I've been struggling to get the 1:1 NAT forwarding working.

      Let me quickly explain what the setup is.

      I have 3 interfaces.

      1 wan = wi-fi  (interface) 192.168.10.1/24
      2 lan  = ethernet1 interface where DHCP is running (for internet xs) 192.168.1.1/24
      3 lan  = ethernet2 interface which has static IPs for ip-phones 172.16.10.100

      Now I want to have 1 external IP address that will be NATted for the internet access and 1 external IP that will be 1:1 NAT to the ethernet 2 interface.

      These are the steps I followed.

      1. I've added a VIP (virtual IP, proxy-ARP, 192.168.10.2) to my WAN interface
      2. Here I am struggling

      I go to Firewall: NAT: 1:1 and select the WAN interface.

      As source address I use the ethernet2 address that is used on the phone = 172.16.10.101
      destination = network ? (192.168.10.0)
      and as external subnet I use 192.168.10.2

      However, this is not working.

      What am I doing wrong?

        jimp Rebel Alliance Developer Netgate

        The 1:1 NAT layout is a tad confusing. There were some more commits on it last night that might clear things up; I haven't updated any of my VMs to see what it looks like yet, though.

        Source is the internal IP, destination is where the traffic is going that will match the rule (usually "any"), external address is the "public" part of the 1:1, so the 192.168.10.2 IP would go there.

          Efonnes

          Some of the changes include a reordering of the fields, making "any" the default on destination, and descriptions for all of the address fields, including hints about what should go in each.

            Citymesh

            Well, I've tried it, but the forwarding just doesn't work. I see entries when I set packet inspection on, but nothing arrives on my destination machine.

            I might try the upgrade first.

              dragon2611

              @Citymesh:

              Well, I've tried it, but the forwarding just doesn't work. I see entries when I set packet inspection on, but nothing arrives on my destination machine.

              I might try the upgrade first.

              Have you configured a firewall rule to allow the traffic through?

              If you are filtering by destination, you need to use the internal IP.

              The NAT defines the mapping between the internal and external IP address; however, the traffic will still pass through the packet filter and therefore will need appropriate rules to be configured on the incoming interface.  ;)

              Hope that helps.

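The setup discussed in this thread, written as raw pf rules to show why the filter rule must name the internal IP. This is an added example, not posted by anyone in the thread and not the ruleset pfSense itself generates. The interface name `ath0` and the SIP port (UDP 5060) are assumptions; the addresses are the ones from the first post.

```pf
# Constructed example. Interface name and service port are assumptions.
ext_if = "ath0"            # WAN (wi-fi), 192.168.10.1/24
phone  = "172.16.10.101"   # internal IP of the phone on ethernet2
vip    = "192.168.10.2"    # proxy-ARP virtual IP on WAN

# --- Translation ---
# 1:1 NAT as described in the replies:
#   source      = internal IP
#   destination = any
#   external    = the "public" address (the VIP)
binat on $ext_if from $phone to any -> $vip

# --- Filtering ---
# Default: drop and log anything arriving on WAN that is not explicitly allowed.
block in log on $ext_if all

# pf applies the binat translation BEFORE evaluating filter rules, so an
# inbound packet sent to 192.168.10.2 already carries destination
# 172.16.10.101 when it reaches this rule. Match on the internal IP and
# limit the rule to the service the phone needs (SIP signalling assumed here).
pass in quick on $ext_if inet proto udp from any to $phone port 5060 keep state

# A rule written against the external address never matches inbound traffic,
# because the destination has already been rewritten:
# pass in quick on $ext_if inet proto udp from any to $vip port 5060 keep state
```

With only the `binat` line in place, the translation happens but the packet is dropped by the filter, which matches the symptom of translated packets being visible while nothing reaches the destination machine.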