Netgate Discussion Forum

    Adding 1:1 NAT to existing NAT-Rules

      shecki

      Hi,

      We've been using pfSense for about 1 or 2 years now and have multiple public IPs with several port forwardings and rules created. Everything is working fine.

      For outgoing traffic, we have only one Public IP and now want to have a second one.

      As I understand it, I have to set a 1:1 NAT for one of our public IPs, which can then only be used for the set internal IP address for incoming traffic, and traffic coming from that internal IP would be sent by pfSense over the set external IP. Is this the correct approach?
      All public IPs are set as Virtual IPs in pfsense.

      Does this approach interfere in any way with existing NAT rules if we use a Virtual IP that isn't used in any NAT rule? By NAT rules I mean the rule list in Firewall:NAT:Port Forward.

      To be clear about what we want to have:
      At the moment, we have about 15 public IPs with several port forwardings. Our outgoing traffic all runs over only one public IP; let's assume this is 1.2.3.4. For one internal IP, we want to set another public IP, let's assume 1.2.3.5, so that all outgoing traffic from this internal system goes to the internet as 1.2.3.5 rather than 1.2.3.4.

      And for perhaps further problems: Is it possible to set more than one internal IP per 1:1 NAT to an external IP?

        ptt Rebel Alliance

        Check the docs ;)

        http://doc.pfsense.org/index.php/Category:NAT

        http://doc.pfsense.org/index.php/1:1_NAT

          shecki

          Yeah, I already checked this.

          I know that Port Forwarding overrules 1:1 NAT.

          But what I don't know for sure is whether adding a 1:1 NAT rule could have an effect on existing rules and perhaps cause some problems.

          Sure, the chosen Virtual IP could have problems if we are using it, but all other Virtual IPs should stay untouched and everything should work?

          I'm asking because I have no system for testing and have to apply the 1:1 NAT on a production pfSense, and killing all internet access would be very harmful. So I want to be really sure that this won't happen.

            Unubtanium

            Humm… why 1:1 NAT???

            I (which is just a personal opinion) think that just normal NATing is better as you have MUCH more control.
            Secondly, why do you not just use AON, and there you just say what subnet or host should be NATted out on what public IP.
            This is what I am doing here with 3 WANs with 5 publics on each. Works like a charm.

            Just be aware: if you are not using AON and are going to switch to it, MAKE SURE that the config is correct, as you are saying that killing the internet would be very harmful.

            Anyway hope you get this solved.
