Routing confusion, want to move away from 1:1 NAT



  • Hello everyone.
I currently have a /28 public IP block from x.64 to x.78.  I want to move away from my current setup, and I'm not sure how to do it with pfSense.  Let me explain:

    • The address .64 is the first assigned address, but I was told .65 is the first usable
-> But I made .64 have a 1:1 NAT mapping to the LAN address of my pfSense box, and I was able to use .64.

• I was also told .78 would be the broadcast address, but I'm using it for another machine on the network via 1:1 NAT; there are no problems, and I can connect to the machine at .78 from the outside.

    • I also have NAT reflection enabled, so if I ping any of my public IPs from inside the network, they respond.  I can also connect to external IPs from inside, and they go to the correct target machines.

    • When I traceroute from inside, however, my packets bounce off the ISP routers and then go back through my pfSense box, through the 1:1 mapping, and to the target machine.
        -> Is it possible to make the pfSense box turn the packets around to the right machine as soon as the packet hits the pfSense box, instead of going all the way to the ISP router and through the 1:1 NAT mapping?

Here's my problem now.  I want to move away from 1:1 NAT (where each machine has a LAN-subnet address and so on) and move straight to each machine having the public IP right on its interface (instead of a private/non-routable LAN address on the interface).
    I'm not sure how to go about making pfSense capable of routing public IPs without using 1:1 NAT.
    I also want the packets to go to the right machine from my pfSense box, not the ISP router.

    If I'm missing any info that you need in order to help me out, let me know, I'll be glad to provide you with more info.

    Thanks in advance.



  • In short, my current traceroute looks like this:

    1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1]
    ** 2     8 ms     9 ms     9 ms  isp-router.isp.net [123.x.x.234]**
    3    17 ms    18 ms    25 ms  server-nat-address.my.net [x.x.x.65] (this is actually my pfSense box using NAT)
    4    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65] (this is the server the address is 1:1 NATed to)

    But I want it to look like this (I don't want packets from the inside to go all the way to the ISP router; I want them to bounce straight from my router to their destination if they're one of my addresses):

    1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1]
    2    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65]

    So first, is this possible?  If so, can someone please tell me how to get my pfSense box to do it?

    Thanks in advance.
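A quick check that is worth running before putting a public block straight onto server interfaces, added here as an example and not part of the original posts. Under 1:1 NAT with proxy ARP, pfSense answers for whatever virtual IPs it is given, so edge addresses of the block can appear to "work"; once the block is routed instead, the network and broadcast addresses of the /28 cannot be assigned to any host, and the pfSense-side interface carrying the block needs one usable address of its own to act as the servers' gateway. The prefix 203.0.113.64/28 below is an assumed stand-in for the poster's x.64 block, and the address list is constructed from the addresses mentioned in the thread plus the block's edges.

```python
"""Classify the addresses of a public block for a routed (non-NAT) layout.

Added example, not code from the forum thread. The block 203.0.113.64/28 is an
assumed placeholder for the poster's "x.64" /28.
"""
import ipaddress
from typing import List, Optional


def address_role(cidr: str, addr: str) -> str:
    """Return what a single address is within the block.

    'usable' addresses can sit on a host (or router) interface; the 'network'
    and 'broadcast' addresses cannot, regardless of whether they happened to
    respond while fronted by a 1:1 NAT mapping.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return "outside"
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "usable"


def classify_block(cidr: str, router_addr: Optional[str] = None) -> dict:
    """Plan a routed layout for the block.

    Assumes (as in a typical routed setup) that the block is configured on a
    pfSense internal interface, which therefore consumes one usable address as
    the servers' default gateway. By default the first usable address is taken
    for that role; pass router_addr to choose a different one.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = [str(h) for h in net.hosts()]
    gateway = router_addr if router_addr is not None else hosts[0]
    if gateway not in hosts:
        raise ValueError(f"{gateway} is not a usable host address in {net}")
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "gateway": gateway,
        # Everything usable that is not the gateway can go directly on a server.
        "servers": [h for h in hosts if h != gateway],
    }


def report(cidr: str, candidates: List[str]) -> List[str]:
    """One line per candidate address, in the order given."""
    return [f"{a}: {address_role(cidr, a)}" for a in candidates]


if __name__ == "__main__":
    BLOCK = "203.0.113.64/28"  # assumed stand-in for the poster's x.64/28
    # Constructed list: the addresses discussed in the thread plus the edges.
    candidates = [
        "203.0.113.64",
        "203.0.113.65",
        "203.0.113.78",
        "203.0.113.79",
        "203.0.113.80",
    ]
    for line in report(BLOCK, candidates):
        print(line)
    plan = classify_block(BLOCK)
    print(f"gateway for the servers: {plan['gateway']}")
    print(f"{len(plan['servers'])} addresses left for servers: {plan['servers']}")
```

Run it with the real prefix substituted for the placeholder; the `strict=True` network parse will also refuse a block whose first address is not actually on a /28 boundary, which catches a mis-remembered allocation before it is typed into an interface configuration.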

