NAT 1:1 newbie question



  • Hello, I am new to pfSense, and I have one problem. I got a class of public IPs from my ISP and I made them work … but in a random way.
    My LAN IPs are Class C 192.168.xxx.xxx and my router (pfSense) has 192.168.1.1. The problem is that my LAN computers start from address 192.168.1.33, but pfSense starts giving public IPs from 192.168.1.2. So for the IP 192.168.1.2 it gives the public IP 8x.xxx.xxx.130, and I don't want to give that public IP to that LAN IP; I want to give it to the IP 192.168.1.33, for example.
    My public IPs are on /25 and my LAN IPs are on 192.168.1.33/255.255.255.0. When I tried adding 1:1 NAT rules ... I had no results ... it still gave IPs as it wanted ... 192.168.1.2 = 8x.xxx.xxx.130 ; 192.168.1.3 = 8x.xxx.xxx.131 etc.
    I know my English is bad and my message is not that clear ... and sorry for that ... but please help.



  • Not sure if I understand, but it sounds like maybe you have gone to firewall, NAT, 1-1 NAT and created a NAT mapping using external subnet 8x.xxx.xxx.129/25 mapped to 192.168.1.1. This will match 8x.xxx.xxx.129-254 to 192.168.1.1-126. To do what you want, I think you should delete this NAT mapping, then add individual ones as needed, such as external subnet 8x.xxx.xxx.130/32 internal subnet 192.168.1.33. Mapping one IP at a time (/32) will give you more control over which computers get which public IPs.



  • Thx a lot mate, that worked, change from /25 to /32 … but if I'm not asking too much, could someone explain how this "/25" works?



  • The /25 notation is just shorthand for the block of IPs you got from the ISP. /24 is a Class C network with 254 hosts, /25 is half a C with 126 hosts, etc. A /32 just signifies a single host. If you use a mask other than /32 in the 1:1 NAT screen, you map multiple internal IPs to multiple publics.
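
An added illustration, not part of the original thread: a small Python model of the two 1:1 NAT entries discussed above, showing which internal addresses a /25 entry pairs with public IPs compared with a single /32 entry. The block 203.0.113.128/25 is a constructed stand-in for the redacted ISP range, the function names are hypothetical, and the model assumes the behaviour described in the replies (host bits kept, network bits swapped).

```python
import ipaddress

def subnet_one_to_one(external_cidr, internal_ip):
    """Return {internal_ip: external_ip} for one 1:1 NAT entry (model only)."""
    ext = ipaddress.ip_network(external_cidr, strict=False)
    host_mask = int(ext.hostmask)                # 127 for a /25, 0 for a /32
    ext_base = int(ext.network_address)
    # Align the internal address to the same mask so host bits line up.
    int_base = int(ipaddress.ip_address(internal_ip)) & ~host_mask
    pairs = {}
    for offset in range(ext.num_addresses):
        # Skip network and broadcast addresses on real subnets (not /31, /32).
        if ext.prefixlen < 31 and offset in (0, host_mask):
            continue
        inside = ipaddress.ip_address(int_base + offset)
        outside = ipaddress.ip_address(ext_base + offset)
        pairs[str(inside)] = str(outside)
    return pairs

def unintended_exposure(pairs, intended_hosts):
    """Internal addresses that get a public IP without being on the intended list."""
    return sorted(
        (ip for ip in pairs if ip not in intended_hosts),
        key=lambda ip: int(ipaddress.ip_address(ip)),
    )

if __name__ == "__main__":
    # Constructed sample values standing in for the thread's redacted addresses.
    wide = subnet_one_to_one("203.0.113.129/25", "192.168.1.1")
    single = subnet_one_to_one("203.0.113.130/32", "192.168.1.33")
    intended = {"192.168.1.33"}

    print("/25 entry maps", len(wide), "hosts;",
          "192.168.1.2 ->", wide["192.168.1.2"],
          "| 192.168.1.33 ->", wide["192.168.1.33"])
    print("/32 entry maps:", single)
    print("hosts exposed by /25 but not intended:",
          len(unintended_exposure(wide, intended)))
    print("hosts exposed by /32 but not intended:",
          len(unintended_exposure(single, intended)))
```

With the /25 entry every address from 192.168.1.1 to 192.168.1.126 is paired with a public IP, so any machine that takes one of those addresses becomes reachable under whatever firewall rules apply to that public IP; the /32 entry pairs exactly one host.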



  • Thank you very much dotdash! And by the way … pfSense is very nice. Switched from IPCop for it.

