Netgate Discussion Forum

    Routing confusion, want to move away from 1:1 NAT

    Category: Routing and Multi WAN
      icpsco

      Hello everyone.
      I currently have a /28 public IP block from x.64 to x.78.  I want to move away from my current setup, and I'm not sure how to do it with pfSense.  Let me explain:

      • The address .64 is the first assigned address, but I was told .65 is the first usable
          -> But, I made .64 have a 1:1 NAT mapping to the LAN address of my pfSense box.  I was able to use .64

      • I was also told .78 would be the broadcast address, but I'm using it for another machine on the network using 1:1 NAT; there are no problems, and I can connect to the machine at .78 from the outside.

      • I also have NAT reflection enabled, so if I ping any of my public IPs from inside the network, they respond.  I can also connect to external IPs from inside, and they go to the correct target machines.

      • When I traceroute from inside, however, my packets bounce off the ISP routers and then go back through my pfSense box, through the 1:1 mapping, and to the target machine.
          -> Is it possible to make the pfSense box turn the packets around to the right machine as soon as the packet hits the pfSense box, instead of going all the way to the ISP router and through the 1:1 NAT mapping?

      Here's my problem now.  I want to move away from 1:1 NAT (with each machine having a LAN subnet address and all) and move straight to each machine having the public IP right on the interface (instead of a private/non-routable LAN address on the interface).
      I'm not sure how to go about making pfSense capable of routing public IPs without using 1:1 NAT.
      I also want the packets to go to the right machine from my pfSense box, not the ISP router.

      If I'm missing any info that you need in order to help me out, let me know, I'll be glad to provide you with more info.

      Thanks in advance.

      icpsco

        In short, my current traceroute looks like this:

          1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1]
          2     8 ms     9 ms     9 ms  isp-router.isp.net [123.x.x.234]
          3    17 ms    18 ms    25 ms  server-nat-address.my.net [x.x.x.65] (this is actually my pfSense box using NAT)
          4    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65] (this is the server the address is 1:1 NATed to)

        But I want it to look like this: (I don't want packets from the inside to go all the way to the ISP router, I want them to bounce straight from my router to their destination, if they're one of my addresses)

          1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1]
          2    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65]

        So first, is this possible?  If so, can someone please tell me how to get my pfSense box to do it?

        Thanks in advance.
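        The two things the posts above hinge on, the usable range of a /28 and whether a traceroute from inside is hairpinning through the ISP, can both be checked with a few lines of Python. The script below is an added example, not code from the poster or from pfSense; it uses the documentation prefixes 203.0.113.0/24 and 198.51.100.0/24 as stand-ins for the redacted x.x.x.x addresses, and the traceroute text is constructed to mirror the "current" and "desired" outputs shown in the second post. `block_summary` prints where the network, broadcast and usable addresses of a /28 actually fall; `find_hairpin` reports the first hop that is outside both the LAN and the public block but is followed by a hop inside the block, which is exactly the "out to the ISP router and back in through the 1:1 mapping" pattern the poster wants to get rid of.

```python
import ipaddress
import re

# Constructed stand-in for the poster's block "x.64 to x.78" (documentation prefix).
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.64/28")
# Constructed LAN range; the poster's inside router is 10.0.0.1.
LAN_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed traceroute text modelled on the thread's "current" output.
CURRENT_TRACE = """\
  1     4 ms     3 ms     2 ms  myrouter.example.net [10.0.0.1]
  2     8 ms     9 ms     9 ms  isp-router.example.net [198.51.100.234]
  3    17 ms    18 ms    25 ms  server-nat.example.net [203.0.113.65]
  4    14 ms    18 ms    18 ms  real-server.example.net [203.0.113.65]
"""

# Constructed traceroute text modelled on the thread's "desired" output.
DESIRED_TRACE = """\
  1     4 ms     3 ms     2 ms  myrouter.example.net [10.0.0.1]
  2    14 ms    18 ms    18 ms  real-server.example.net [203.0.113.65]
"""


def block_summary(block: ipaddress.IPv4Network) -> dict:
    """Network, broadcast and usable host range of a public block."""
    hosts = list(block.hosts())  # excludes network and broadcast addresses
    return {
        "network": str(block.network_address),
        "broadcast": str(block.broadcast_address),
        "first_usable": str(hosts[0]),
        "last_usable": str(hosts[-1]),
        "usable_count": len(hosts),
    }


# Matches Windows-style tracert lines: hop number ... hostname [a.b.c.d]
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?\[(\d+\.\d+\.\d+\.\d+)\]")


def parse_traceroute(text: str) -> list:
    """Return (hop_number, IPv4Address) pairs for every parsable hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
    return hops


def find_hairpin(hops: list, block: ipaddress.IPv4Network, lan_nets: list):
    """Return (hop_number, address) of the first hop that is outside both the
    LAN and the public block yet is followed by a hop inside the block, i.e.
    traffic to one of our own public addresses left the site and came back.
    Return None when the trace reaches the block without leaving."""
    for i, (hop_no, addr) in enumerate(hops):
        if addr in block:
            return None  # reached our own block before any outside hop
        if any(addr in net for net in lan_nets):
            continue  # still inside the LAN
        if any(later in block for _, later in hops[i + 1:]):
            return (hop_no, str(addr))
    return None


if __name__ == "__main__":
    print("block:", block_summary(PUBLIC_BLOCK))
    for label, trace in (("current", CURRENT_TRACE), ("desired", DESIRED_TRACE)):
        result = find_hairpin(parse_traceroute(trace), PUBLIC_BLOCK, LAN_NETS)
        print(f"{label}: hairpin via {result}" if result else f"{label}: no hairpin")
```

        Run as-is it reports the /28 as network .64, broadcast .79 and usable .65 to .78, flags hop 2 (the ISP router) in the current trace, and reports no hairpin for the desired trace. Feeding it a real tracert capture and your own block is enough to confirm whether a NAT reflection or routing change actually kept internal traffic on the pfSense box.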

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.