Netgate Discussion Forum
    NAT 1:1 with different subnet size and NAT-pool

      e-nwsolu-ode

      Hi all,

      Maybe this topic has been covered somewhere, but I didn't find anything when searching - probably I used the wrong search terms.

      I ran some preliminary 1:1 NAT scenarios with pfSense 2.0.2 and also with 2.0.3 in the lab to check NAT between LAN (10.10.0.0/24) and DMZ (OPT1, 10.10.10.0/24), and everything looked great (e.g. 10.10.0.5 <-> 10.10.10.5, etc.).
      All worked fine in a bi-directional way, which implies the hidden, automatically handled "port forwarding" in at least one direction. (All further security aspects are handled at the firewall-rule level.)

      My problem:
      Unfortunately, in the operational environment, the LAN IP range is much larger than the /24 address range, even though the number of participants does not exceed 254 hosts. In other words, around 200 hosts are spread over 10.10.0.0/22 (255.255.252.0).

      My question:
      How can a 1:1 NAT (static ports, bi-directional) be configured to NAT a large site into a smaller site, to assure static "port forwarding" in both directions?

      I tried using AON with a NAT pool (Proxy ARP virtual IP range on DMZ), which worked fine from LAN -> DMZ, but I failed to set up the opposite direction DMZ -> LAN (the port-forwarding method did not work, since it is not possible to configure it for IP/DMZ to IP/LAN and for "any" ports to "any" ports).

      Is there no NAT reflection available for AON rules? I believe this would do it!

      Thanks,
      Arn

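Editor's note with an added example (written for this page; it is not code from the poster or from pfSense). The structural problem in the question is that pf's `binat`, which is what pfSense's 1:1 NAT is built on, pairs two address blocks of the same size, so a /22 cannot be translated into a /24 with a single mapping. A set of per-host /32 entries is still a bijection, and each one is an equal-sized, bidirectional `binat` that needs no port forward in either direction; the only check is that the hosts fit into the usable part of the DMZ-side block (around 200 into 254 does). The script below builds such a plan from a host list, keeps the last octet where it is free (10.10.0.5 <-> 10.10.10.5 as in the lab), refuses lists that do not fit or fall outside the LAN, emits the `binat` rules, and lists the DMZ-side addresses that need a Proxy ARP or IP alias VIP so the firewall answers ARP for them. The host list, the interface name `em1` and the DMZ interface address 10.10.10.1 are constructed assumptions.

```python
"""Per-host 1:1 NAT (pf binat) plan for a LAN block larger than the DMZ-side block."""
import ipaddress

# Constructed sample data for this example, not the poster's real addressing plan.
LAN_NET = ipaddress.ip_network("10.10.0.0/22")    # ~200 hosts spread over 1024 addresses
DMZ_NET = ipaddress.ip_network("10.10.10.0/24")   # block the LAN hosts appear from on the DMZ
DMZ_IF = "em1"                                    # assumed name of the OPT1/DMZ interface
DMZ_IF_ADDR = "10.10.10.1"                        # assumed pfSense address on OPT1; never hand it out
SAMPLE_HOSTS = ["10.10.0.5", "10.10.1.17", "10.10.2.200", "10.10.3.9", "10.10.1.5"]


def build_mapping(lan_hosts, lan_net=LAN_NET, dmz_net=DMZ_NET, reserved=(DMZ_IF_ADDR,)):
    """Give every LAN host its own /32 partner address inside dmz_net.

    pf's binat only pairs two blocks of the same size, so 10.10.0.0/22 cannot be
    translated into 10.10.10.0/24 with one rule.  A set of /32 entries is still a
    bijection, so each one is an equal-sized binat that works in both directions;
    the only thing to check is that the hosts fit into the usable part of the DMZ block.
    """
    hosts = sorted({ipaddress.ip_address(h) for h in lan_hosts})
    outside = [str(h) for h in hosts if h not in lan_net]
    if outside:
        raise ValueError(f"not inside {lan_net}: {outside}")
    reserved = {ipaddress.ip_address(r) for r in reserved}
    free = {a for a in dmz_net.hosts() if a not in reserved}   # hosts() drops network/broadcast
    if len(hosts) > len(free):
        raise ValueError(f"{len(hosts)} hosts do not fit into {len(free)} usable addresses of {dmz_net}")

    mapping, pending = {}, []
    # Pass 1: keep the last octet when it is still free, so 10.10.0.5 <-> 10.10.10.5 as in the lab.
    for h in hosts:
        want = dmz_net.network_address + (int(h) & 0xFF)
        if want in free:
            mapping[h] = want
            free.discard(want)
        else:
            pending.append(h)
    # Pass 2: colliding last octets (10.10.1.5 vs 10.10.0.5) take the lowest addresses still free.
    for h, a in zip(pending, sorted(free)):
        mapping[h] = a

    assert len(set(mapping.values())) == len(mapping)   # bijective: the reverse lookup is unambiguous
    return {str(h): str(mapping[h]) for h in hosts}


def to_dmz(mapping, lan_addr):
    """LAN -> DMZ direction: the source address a DMZ host sees for a given LAN host."""
    return mapping[lan_addr]


def to_lan(mapping, dmz_addr):
    """DMZ -> LAN direction: where traffic sent to a translated address really lands.
    No port forward is involved; every port of dmz_addr reaches the same LAN host."""
    inverse = {dmz: lan for lan, dmz in mapping.items()}
    return inverse[dmz_addr]


def pf_rules(mapping, dmz_if=DMZ_IF):
    """Render the plan as pf 'binat' rules (the construct behind pfSense 1:1 NAT).
    A binat rule is symmetric: outbound it rewrites the source, inbound the destination."""
    return [f"binat on {dmz_if} from {lan} to any -> {dmz}" for lan, dmz in mapping.items()]


def virtual_ips(mapping):
    """DMZ-side addresses the firewall must answer ARP for (Proxy ARP / IP alias VIPs)."""
    return sorted(mapping.values(), key=ipaddress.ip_address)


if __name__ == "__main__":
    plan = build_mapping(SAMPLE_HOSTS)
    print("\n".join(pf_rules(plan)))
    print("VIPs needed on DMZ:", ", ".join(virtual_ips(plan)))
```

Firewall rules on OPT1 still decide which DMZ host may reach which translated address; the binat entries only make the address rewrite static in both directions. Keep the pfSense interface address out of the pool, as the example does, or the firewall will compete with itself for that address.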