1:1 NAT to VLAN IP or Port Forward?



  • I think I'm just missing something here, I can't seem to get a secondary IP from our public /28 to NAT to a VLAN IP.

    I've tried to create the IP as a VIP, use direct 1:1, use the port forwarding etc…

    I have the WAN configured on 50.xxx.xxx.85 /28

    I need to port forward or 1:1 the public 50.xxx.xxx.86 to VLAN100 Internal IP 192.168.100.11 for HTTP traffic.

    Does anyone have a step by step?

    Physical Interface em1 has LAN on it, along with VLANS if that matters.

    Thank you in advance for your time!



  • As a hint to begin with, you can use aliases to ease your struggle

    
    1\. Phase Create Virtual ip: type ip-alias
    Goto Firewall:Virtual IPs and press +
    Choose IP Alias
    Interface: WAN
    IP Address: 50.x.x.85 /32
    Description: as you like
    
    2\. Phase Create Port Forward
    Goto Firewall:NAT:Port Forward and press +
    Interface: WAN
    Protocol: as you need, most likely TCP or TCP/UDP
    Destination: 50.x.x.85
    Destination port range: http (or if you need http and https you could use a port alias; I also added other needed ports, such as ssh)
    Redirect target IP: 192.168.100.11
    Redirect target port: 80 or that same alias as earlier
    Description: as you like
    All the other settings are default
    
    3\. Phase Create Manual Outbound NAT
    Goto Firewall:NAT:Outbound and choose manual and save after that
    Press +
    Interface: WAN
    Protocol: Any
    Source: Type:Network / Address: 192.168.100.11 /32
    Source port: Empty
    Destination: Any
    Translation: 50.x.x.85
    port: Empty
    Description: as you like
    
    4\. Phase Move your just created MON-rule to the first of the list and apply changes
    
    

    After those, just save everything and apply changes. Remember to reset states
    You should be covered, if you do these with aliases, you can change public ip quite, if you doubt that ip is in use or it doesn't work



  • @Metu69salemi:

    I have a question: The .85 IP is already in use on WAN, I'm attempting to use the .86 is this still the correct way to go?

    I have done this exactly as shown here for the .86 and reset the state table but still cannot access the machine, I have confirmed I can access the .100.11 from inside.

    Thanks,
    Davin



  • Try with .87 if .86 doesn't work; your modem might use it.

    and it will work with .85 if you don't have any use for http/https addresses on public ip with firewall management or in another system.



  • @Metu69salemi:

    Try with .87 if .86 doesn't work; your modem might use it.

    and it will work with .85 if you don't have any use for http/https addresses on public ip with firewall management or in another system.

    Hi,

    I am certain .86 is not in use, we have a /28 with .81 as the gateway. For the .85 I have port forwards in use already. The only IPs in use on this block are the .85 and .82, I need to assign forwards for .84 and .86.

    Any other options I can try?

    Thank you for your help!



  • reboot :D
    Can your firewall ping to your server?



  • @Metu69salemi:

    reboot :D
    Can your firewall ping to your server?

    Rebooted, no change. Can ping from pfSense Ping Tool.

    Ping output:
    
    PING 192.168.100.11 (192.168.100.11) from 192.168.15.1: 56 data bytes
    64 bytes from 192.168.100.11: icmp_seq=0 ttl=128 time=0.331 ms
    64 bytes from 192.168.100.11: icmp_seq=1 ttl=128 time=0.226 ms
    64 bytes from 192.168.100.11: icmp_seq=2 ttl=128 time=0.223 ms
    64 bytes from 192.168.100.11: icmp_seq=3 ttl=128 time=0.233 ms
    
    --- 192.168.100.11 ping statistics ---
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.223/0.253/0.331/0.045 ms
    
    


  • Then I must raise my hands; I don't know what the problem is. Sorry



  • Metu69salemi- Thanks, your instructions helped me out.



  • That's nice to hear.

    And what is the OP's situation?



  • Resolved, your instructions were correct. It turned out to be that the server in question did not have the correct gateway assigned. Thanks for your help!
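
The root cause reported above (a wrong default gateway on the server) shows up on the firewall as a forwarded SYN with no SYN-ACK coming back. The sketch below is an added example, not from any poster in this thread: it classifies where the handshake stops, given `tcpdump -n` text captures from the firewall's WAN and VLAN100 interfaces. The capture lines and the 198.51.100.86 / 203.0.113.7 addresses are constructed stand-ins for the redacted public IPs.

```python
import re

# Matches tcpdump -n text output: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[([^\]]+)\]")

# Constructed sample captures (not from the thread): the client retries its SYN,
# the firewall forwards it to VLAN100, and nothing comes back from the server.
PUBLIC_IP, SERVER_IP = "198.51.100.86", "192.168.100.11"
WAN_CAP = """\
10:00:01.000100 IP 203.0.113.7.51514 > 198.51.100.86.80: Flags [S], seq 1, win 64240, length 0
10:00:02.000100 IP 203.0.113.7.51514 > 198.51.100.86.80: Flags [S], seq 1, win 64240, length 0
"""
VLAN_CAP = """\
10:00:01.000200 IP 203.0.113.7.51514 > 192.168.100.11.80: Flags [S], seq 1, win 64240, length 0
10:00:02.000200 IP 203.0.113.7.51514 > 192.168.100.11.80: Flags [S], seq 1, win 64240, length 0
"""

def parse(capture):
    """Return (src, sport, dst, dport, flags) for every TCP line in the capture."""
    rows = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            rows.append((src, int(sport), dst, int(dport), flags))
    return rows

def diagnose(wan_cap, vlan_cap, public_ip, server_ip, port=80):
    """Name the first hop where the forwarded TCP handshake stops."""
    wan, vlan = parse(wan_cap), parse(vlan_cap)
    syn_wan = any(d == public_ip and dp == port and f == "S" for _, _, d, dp, f in wan)
    syn_vlan = any(d == server_ip and dp == port and f == "S" for _, _, d, dp, f in vlan)
    ack_vlan = any(s == server_ip and sp == port and f == "S." for s, sp, _, _, f in vlan)
    ack_wan = any(s == public_ip and sp == port and f == "S." for s, sp, _, _, f in wan)
    if not syn_wan:
        return "no-syn-on-wan"         # upstream routing or the Virtual IP
    if not syn_vlan:
        return "not-forwarded"         # port forward or its WAN firewall rule
    if not ack_vlan:
        return "no-reply-from-server"  # server gateway, host firewall or service
    if not ack_wan:
        return "reply-not-translated"  # firewall dropped the reply: check states
    return "ok"

if __name__ == "__main__":
    print(diagnose(WAN_CAP, VLAN_CAP, PUBLIC_IP, SERVER_IP))
```

A result of `no-reply-from-server` while the firewall can still ping the server, as in this thread, points at the server's own routing rather than at the NAT rules.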

