NAT a WAN IP to an internal subnet IP? [SOLVED]

  • Hi all,

    I want to make a host external to pfSense appear as if it's on an internal subnet - so that clients on that subnet can access it directly via non-routed connections. Actually it's because the network I'm setting up is a clone of production and they will all have the internal address of this server built-in, so to speak. So to save me having to change them all I want to have pfSense NAT an address on the WAN interface into one of the OPT subnets so that the internal hosts see it as local.

    This seems like it should be simply a direct reversal of a standard public NAT where an internal IP is mapped to a public IP on the WAN interface of the firewall. But it doesn't seem to want to work this way around.

    I have given the pfSense a virtual IP on the OPT interface in question; I have tried the NAT settings for this 1:1 with different combinations but no luck. My thinking is that if a normal external NAT looks like this in the NAT list in pfSense:

    Interface    External IP          Internal IP          Destination IP
    WAN          %publicsubnet%.20    %OPT1-subnet%.20     *

    ..then what I'm trying to do should look like this:

    Interface    External IP          Internal IP          Destination IP
    OPT1         %OPT1-subnet%.20     %publicsubnet%.20    *

    Or am I doing something wrong?

    Also, if I have additional OPT interfaces, do I need to enable NAT reflection for this NAT in order for hosts on those interfaces to be able to ping the virtual (NATed) IP on the OPT1 interface?



    Fixed it. My problem was that I was also trying to NAT the whole OPT1 interface out to a range on the WAN so it could be accessed also. But I don't need to make that subnet available actually so I've just removed it and I can reverse-NAT the host like I wanted. :)

