4. Multi IP interface NAT

Multi IP interface NAT

  • I

    Hi,

    I have an interface with multiple ip address and NAT enabled. I am trying to figure out how to get certain traffic to use specific translated address. example, I have IP1 and IP2 in the interface. I want traffic which destination is NETWORK1 to use IP1 as translated address and traffic which destination is NETWORK2 to use IP2 as translated address. Right now the translation is a little messed up as traffic which going to NETWORK1 sometimes got translated as IP2.

    I hope I'm making sense here, any directions will be helpful. Thanks in advance!

    0
  • M

    Not really making sense. VLAN's? Routing? What are the IP's and mask's that you are using? WAN or LAN?

    0
  • C

    Outbound NAT controls what gets translated where. Exactly what your symptoms are isn't clear, but set your outbound NAT accordingly and you'll be set. details documented in http://pfsense.org/book

    0
  • I

    The interface I'm trying to NAT is OpenVPN. The interface itself has 2x IP address as I connect to 2 different Sites. When there is only 1 IP, everything works well. I created a Outbound NAT with Interface as OpenVPN, NAT address as "Interface".

    IP1 - 192.168.50.1/30
    Site1 IP mask - 10.0.0.0/16
    IP2 - 192.168.51.1/30
    Site2 IP mask - 172.16.0.0/24

    When there's 2 IP address assigned to the interface, the NAT will translate outbound traffic to either 1 of the IPs regardless of the route.
    So I am trying to setup the Outbound NAT, that if it goes through IP1, it will be translated to IP1 not IP2. Thus the logical setup target of the outbound NAT should be under "NAT Address" I tried using subnet option, Any option but nothing works.

    For the "other subnet" option under NAT Mapping, I entered 192.168.50.1/30 or /32 for any traffic that goes to Site1.
    However, when I use this option, the traffic that goes over to Site1 is translated to address 192.168.50.0 thus unable to get any return traffic.
    When I use "Interface" option under NAT Mapping, periodically traffic that goes over to Site1 is translated to both 192.168.50.1 or 192.168.51.1. If the address is translated to 192.168.50.1, then everything is well.

    Thanks cmb, I will try to look into the book for proper usage of NAT, perhaps I can find something

    0
  • I

    i somehow got it to work using NAT 1:1 to map specific internal address to the outbound address on the interface i want based on destination network. it seems more like a walkaround and not really elegant.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy