4. Confused about 1:1 NAT

Confused about 1:1 NAT

  • 3

    We are connecting our devices to someone else's network and we need remote access to these devices.  The network is not able to supply a VPN.  Therefore, the network admin gave us a 1:1 NAT.  I understand using a 1:1 NAT to an individual server and using that public IP to get to that server on the LAN.  I'm confused on how this gives us remote access to multiple devices.  Do I set my Pfsense WAN interface to the given public IP address and effectively have a separate LAN on their network or what?

    0
  • LAYER 8 Global Moderator

    Did they give you a 1:1 for the network your on at their location.

    For example if your devices are say 192.168.1.0/24 and say you have devices at .100 and through .110

    And your public range is 1.2.3.0/24 – so 1.2.3.100 would go to 192.168.1.100 and 1.2.3.103 would go to 192.168.1.103 ?

    Or if they gave you access to 1 of your devices, you could then run whatever remote access you needed, be it a vpn into this 1 device, or remote desktop to that 1 device, and then you could remote desktop to your other devices from that 1 device?

    More info would be helpful.

    0
  • 3

    I was given a single 1:1 NAT with one public WAN IP NAT'ed to a LAN IP (ex. 192.168.1.100) with a block of 5 IPs on that LAN.  My question is, could I set a PFsense up on that 1:1 NAT WAN IP to use it as a VPN server and connect to the rest of the 5 LAN devices?

    0
  • LAYER 8 Global Moderator

    Well that might be a bit difficult depending on how they have the devices connected.  Does your 1 device your wanting to run pfsense on have 2 interfaces?  So these other devices you have not have internet access?  Or when they go out to internet do they come from a different IP range than the 1:1 nat they gave you?

    0
  • 3

    The pfsense device is an embedded system with 3 interfaces (LAN, WAN, OPT1).  The other devices would be in the same range as the 1:1 NAT. .50 is the LAN NAT. .51-.55 are the other devices.

    0
  • T

    This isn't a pfSense-related answer, but in complex situations like this I tend to use the free version of LogMeIn and attach to one box remotely that way and then hop from there to other internal servers.

    Sometimes using a "phone home" agent works better than trying to engineer complex networking.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy