    Netgate Discussion Forum

    Firewall NAT / Outbound

    • B
      bkrc last edited by

      Hello,
      When my servers go out from the inside, the Metro Ethernet IP address that I entered as the "IP address" in the "WAN Static IP configuration" appears.
      So the "Virtual IP" address I assigned to the servers does not appear in whois queries.
      I struggled with the settings on the "Firewall - NAT - Outbound" tab, but I did not get a good result …

      As I understand it, I must make separate NAT adjustments for the LAN for traffic going from the inside out.
      I would like help from friends who have experience with this issue.

      Thank you.

      1 Reply Last reply Reply Quote 0
      • T
        trunglam last edited by

        I don't think Virtual IP is good for this situation; you must assign them to a specific interface.

        1 Reply Last reply Reply Quote 0
        • P
          podilarius last edited by

          VIP is not a bad idea; you must use 1:1 or a combination of port forward and manual outbound NAT if you want something other than the WAN address. Please also note that manual outbound rules are first matching, so if you have your VIP listed below your auto-created rules (the one for WAN), then you will always get your WAN address for the outgoing IP.

          If I am understanding your problem correctly.

          1 Reply Last reply Reply Quote 0
          • B
            bkrc last edited by

            Hello,
            While the users have been given the IP address I want for output, I want to create a rule for the servers in the same way.
            The WAN static IP address appears; I could not go out with the Virtual IP address.

            The configuration is as in the picture.


            1 Reply Last reply Reply Quote 0
            • P
              podilarius last edited by

              Okay, your first mistake is that your /24 is above your /32 entries. NAT rules, like firewall rules (aside from floating), are first matching. So if 172.16.100.2 tries to go out, it is going to match the first rule and go out as your WAN IP and not the second entry you have set up. You will need to move your /24 to the bottom of the list.

              1 Reply Last reply Reply Quote 0
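
The first-match ordering problem described in the reply above, as an added example (not part of the original thread and not pfSense code): a small Python model of outbound NAT rules that match on source network only, with a check for rules that can never fire. The rule set is constructed, and "WAN address" is a placeholder because the screenshot and the real WAN IP are not on the page; the most-specific-first reorder is only safe under the source-only assumption.

```python
import ipaddress

# Constructed rule set in the faulty order the reply describes: /24 above the /32s.
# "WAN address" is a placeholder; the 10.0.0.x mappings are sample values.
RULES = [
    ("172.16.100.0/24", "WAN address"),
    ("172.16.100.1/32", "10.0.0.1"),
    ("172.16.100.2/32", "10.0.0.2"),
]

def parse(rules):
    return [(ipaddress.ip_network(src), nat) for src, nat in rules]

def translate(rules, host):
    """Return (rule index, NAT address) of the FIRST rule whose source matches."""
    addr = ipaddress.ip_address(host)
    for i, (net, nat) in enumerate(parse(rules)):
        if addr in net:
            return i, nat
    return None  # no outbound NAT rule applies

def shadowed(rules):
    """Return (rule index, index of earlier rule) for rules that can never match."""
    parsed = parse(rules)
    hits = []
    for i, (net, _) in enumerate(parsed):
        for j in range(i):
            if net.subnet_of(parsed[j][0]):  # earlier rule covers every address
                hits.append((i, j))
                break
    return hits

def most_specific_first(rules):
    """Stable reorder by prefix length, so the /32 entries precede the /24."""
    return sorted(rules, key=lambda r: -ipaddress.ip_network(r[0]).prefixlen)

if __name__ == "__main__":
    print("faulty order :", translate(RULES, "172.16.100.2"), shadowed(RULES))
    fixed = most_specific_first(RULES)
    print("fixed order  :", translate(fixed, "172.16.100.2"), shadowed(fixed))
```
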
              • B
                bkrc last edited by

                Hi,
                I examined the subject, and the others are live, but the problem you mentioned is not related to them.
                I would like to assign only one address from the Metro IP block to my users and have them go out to the Internet via that IP address.
                The system is installed on the proxy server.

                The structure, as I have mentioned:

                Virtual (Real) IP   LAN IP
                10.0.0.1            172.16.100.1 (Web, Mail Server)
                10.0.0.2            172.16.100.11 - 172.16.100.254 (Internal Users)

                From the outside, web traffic to my WAN IP address 10.0.0.1 goes to 172.16.100.1 port 80 via 1:1 NAT; that is working now with no problems.

                However, in the exact opposite of this situation, I want my users on the internal network 172.16.100.11 to 254 to go out with the IP address 10.0.0.2.

                As far as I researched on the forum:

                "I have pretty much the same scenario here and it works as it should…

                At- System/Advanced/Firewall Nat/  make sure that "Disable reply-to" is not checked...

                I do not have outbound nat "static port" selected. "

                I selected "Checked" on the appropriate tab.
                On the Firewall: NAT: Outbound tab, I selected Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) and defined the NAT address as 10.0.0.2 for the internal users' source addresses, but the output is the WAN IP address that I wrote in the IP Address field of the WAN Static IP section in the system configuration. The IP address in whois lookups does not change ... Might it be the proxy? There is one point I am missing, but I could not find it yet ...

                I would like help with the NAT settings. The problem is that the address that appears is still the gateway IP address. I cannot fully get the output to use the external IP address mentioned.

                Thank you.

                1 Reply Last reply Reply Quote 0
                • P
                  podilarius last edited by

                  Could you re-paste the current setup? The issue I saw doesn't seem to be addressed. Also turning off static ports is going to be a must on the NAT for 11-254.

                  1 Reply Last reply Reply Quote 0
                  • B
                    bkrc last edited by

                    Hello,
                    The current settings are as pictured.

                    Thank you.


                    1 Reply Last reply Reply Quote 0
                    • P
                      podilarius last edited by

                      Your rules appear to be correct. Are you using 1:1 NAT as well, or just port forward?

                      1 Reply Last reply Reply Quote 0