Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Confused about 1:1 NAT

    Scheduled Pinned Locked Moved NAT
    6 Posts 3 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 3
      3n1gm4
      last edited by

      We are connecting our devices to someone else's network and we need remote access to these devices.  The network is not able to supply a VPN.  Therefore, the network admin gave us a 1:1 NAT.  I understand using a 1:1 NAT to an individual server and using that public IP to get to that server on the LAN.  I'm confused on how this gives us remote access to multiple devices.  Do I set my Pfsense WAN interface to the given public IP address and effectively have a separate LAN on their network or what?

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Did they give you a 1:1 for the network your on at their location.

        For example if your devices are say 192.168.1.0/24 and say you have devices at .100 and through .110

        And your public range is 1.2.3.0/24 – so 1.2.3.100 would go to 192.168.1.100 and 1.2.3.103 would go to 192.168.1.103 ?

        Or if they gave you access to 1 of your devices, you could then run whatever remote access you needed, be it a vpn into this 1 device, or remote desktop to that 1 device, and then you could remote desktop to your other devices from that 1 device?

        More info would be helpful.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • 3
          3n1gm4
          last edited by

          I was given a single 1:1 NAT with one public WAN IP NAT'ed to a LAN IP (ex. 192.168.1.100) with a block of 5 IPs on that LAN.  My question is, could I set a PFsense up on that 1:1 NAT WAN IP to use it as a VPN server and connect to the rest of the 5 LAN devices?

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Well that might be a bit difficult depending on how they have the devices connected.  Does your 1 device your wanting to run pfsense on have 2 interfaces?  So these other devices you have not have internet access?  Or when they go out to internet do they come from a different IP range than the 1:1 nat they gave you?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • 3
              3n1gm4
              last edited by

              The pfsense device is an embedded system with 3 interfaces (LAN, WAN, OPT1).  The other devices would be in the same range as the 1:1 NAT. .50 is the LAN NAT. .51-.55 are the other devices.

              1 Reply Last reply Reply Quote 0
              • T
                tim.mcmanus
                last edited by

                This isn't a pfSense-related answer, but in complex situations like this I tend to use the free version of LogMeIn and attach to one box remotely that way and then hop from there to other internal servers.

                Sometimes using a "phone home" agent works better than trying to engineer complex networking.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.