1:1 NAT not working
-
Hi,
I know it is a very simple configuration but somehow I am not able to get it done. I have installed pfSense 2.0.3 32-bit. Installation is completed and working fine. It is a three-interface installation: WAN, LAN and OPT1. WAN is a /30 subnet, LAN is 10.10.20.0/24 and OPT1 is 10.10.10.0/24.
Now I want one of my public IPs to be configured with 1:1 NAT to one of the IPs of OPT1 (DMZ). The public IP is in a /29 subnet.
I tried to follow all the guides available but I am still not able to get it done.
Can anybody please help me with how I can do it?
-
You are contradicting yourself perhaps. Your WAN cannot be /30 and your public a /29. Unless you are routing to one in the /30, in which case you have a routed setup and 1:1 NAT is useless.
-
Hi,
Thanks for the reply…
My ISP has provided me the IP addresses in this fashion: our WAN IP is in a /30 subnet, that is 255.255.255.252, and 8 public IPs are in a /29, that is 255.255.255.248 subnet.
-
WAN IP is as below
IP (for our end device) : XXX.XXX.XXX.34
Subnet : 255.255.255.252
Gateway (for WAN IP) : XXX.XXX.XXX.33

8 Public IPs
XXX.XXX.XXX.248
XXX.XXX.XXX.249
...
XXX.XXX.XXX.255
Subnet: 255.255.255.248

The XXX.XXX.XXX series in all the above IPs is the same; the only difference is the subnet.
Please let me know how I can configure 1:1 NAT. I also had a word with the ISP; he informed me that it will work without any problem.
-
If they are not routed, then you will need to proxy ARP them, as in a virtual IP, prior to 1:1 NAT.
-
Thanks for your support.
After your support, and support from chat with the forum, I was able to configure the NAT, and ICMP ping was successful.
But the one difficulty I am facing here is that 1:1 NAT between WAN and LAN is working fine, but 1:1 NAT between WAN and OPT1 is not successful.
I have checked the firewall rules. Below are the firewall rules applied for 1:1 NAT, for the configuration given with
WAN IP : xxx.xxx.xxx.252 (also virtual IP created as type "Other" for this IP)
LAN IP : 10.10.20.60
OPT1 (DMZ) IP : 10.10.10.59

Firewall Rule for WAN
Proto Source Port Destination Port Gateway Queue
ICMP * * 115.112.149.252 * * none
ICMP * * 10.10.10.59 * * none
ICMP * * 10.10.20.60 * * none

Firewall Rule for LAN
Proto Source Port Destination Port Gateway Queue
ICMP * * * * * none

Firewall Rule for OPT1 (DMZ)
Proto Source Port Destination Port Gateway Queue
ICMP * * * * * none

Now if I configure 1:1 NAT for WAN and LAN, the ping is successful. But if I change the IP 10.10.20.60 (LAN) to 10.10.10.59 (OPT1 - DMZ) then I do not get a ping. Again, if I change the IP to LAN, the ping is successful.
Can you please guide me as to where I am wrong?
-
Let me preface this with, ping is not a good way to tell if things are working properly. I would test with http, ssh, or just about any tcp protocol services (aside from ftp). It would also be nice to know where you are pinging from.
-
Not only NAT, but I have also found now that I am not even able to access the internet from the OPT1 (DMZ) network. I am able to access the internet from LAN but not from OPT1…
I tried one PC in the LAN network subnet with the LAN interface IP as gateway, and my internet is working fine. But when I shift the same system to the OPT1 network subnet and provide the OPT1 interface IP as gateway, then my internet is not working.
-
Well, according to the rules you posted, only ping is allowed out. You need to add a rule for outbound traffic from OPT1. There is not one by default; only on LAN is one created by default. The global rule is to block.
-
Hi,
I checked the firewall rules; I don't find any such rule even for LAN. Can you just guide me where I should put this outbound rule?
-
The rule should be in LAN and OPT1 that basically says that from LAN/OPT1 Net to any is allowed.
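
The rule evaluation described in the last replies, as an added example that is not part of the original thread: a simplified Python model of per-interface, first-match filtering with an implicit block, run against the OPT1 rule set as posted and with the suggested "OPT1 net to any" rule. The `Rule` class, `evaluate` function and the destination address 198.51.100.10 (a documentation address) are assumptions made for illustration; state tracking and NAT are not modelled.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
OPT1_NET = ipaddress.ip_network("10.10.10.0/24")  # DMZ subnet from the thread

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    proto: str                       # "icmp", "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def evaluate(rules, proto, src, dst):
    """Return the action of the first matching rule on the interface the
    packet enters; if nothing matches, the implicit default is block."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if src_ip in rule.src and dst_ip in rule.dst:
            return rule.action
    return "block"

# Constructed from the thread: the OPT1 tab holds only an ICMP pass rule.
OPT1_AS_POSTED = [Rule("pass", "icmp", ANY, ANY)]
# With the rule suggested in the last reply: OPT1 net to any.
OPT1_FIXED = OPT1_AS_POSTED + [Rule("pass", "any", OPT1_NET, ANY)]

def demo():
    host, web = "10.10.10.59", "198.51.100.10"  # constructed sample flow
    return {
        # Ping leaves the DMZ, which is why ICMP alone looked healthy.
        "posted_icmp": evaluate(OPT1_AS_POSTED, "icmp", host, web),
        # Web traffic falls through to the implicit block.
        "posted_tcp": evaluate(OPT1_AS_POSTED, "tcp", host, web),
        # The added rule lets DMZ hosts out.
        "fixed_tcp": evaluate(OPT1_FIXED, "tcp", host, web),
        # Scoping the source to OPT1 net still rejects a LAN address on OPT1.
        "fixed_foreign_src": evaluate(OPT1_FIXED, "tcp", "10.10.20.60", web),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

Using "OPT1 net" rather than "any" as the source keeps the rule as narrow as the interface it sits on.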