Netgate Discussion Forum

Multiple external IP addresses

Problems Installing or Upgrading pfSense Software
  • D
    draccusfly
    last edited by Jul 12, 2013, 9:38 AM

    Hi,

    I am in the process of setting up a new pfSense box via VMware and need some clarification on how to configure multiple external IPs correctly.
    We have 10 IP addresses pointing to the internet, so I have configured my gateway and external IP address accordingly, but I need to allow several IP addresses to hit the box and then be routed through to various different systems.  So I have configured virtual IPs for my entire range and need to make sure they are routed through properly.  After googling around I found a tutorial on setting up 1:1 NAT; however, a few of the IP addresses go to multiple systems on different ports (fairly normal setup I guess).
    Just for reference, here's an example:
    1.1.1.2 -> 192.168.1.1:80, 192.168.1.2:443 and 192.168.100.3:1234>3389 (NAT'd port 1234 to 3389 to mask RDP port)
    1.1.1.3 -> 192.168.1.254, 192.168.100.6

    So if I use 1:1 NAT with firewall rules to port forward, which will be read first: the 1:1 NAT rules or the firewall rule?  If it's the 1:1 NAT rule, then will the system get confused as to where the packets need to go, or will it then check the firewall rule and route traffic according to the rule?  If that's the case, do I actually need the 1:1 NAT mappings, or can I just use firewall rules to route the traffic?

    Some clarification would be a great help.

    Best regards
    Drac

    • P
      pinoyboy
      last edited by Jul 12, 2013, 1:24 PM

      Step 1:  VIP

      Step 2:  NAT

      Step 3:  Firewall rules to open per Host

      That is it!

      • D
        draccusfly
        last edited by Jul 13, 2013, 10:18 AM

        Thanks for the reply.  I had set my Virtual IP addresses as IP Alias rather than CARP (not 100% sure what the difference is).
        I noticed from your post that your external virtual IPs are each pointing to a different internal machine, whereas in my scenario I had set one virtual IP to NAT to 4 different internal IPs with some on different subnets.  In the end I disabled the NAT 1:1 mappings and just used NAT port forwards and this seems to be working fine now.

        Regards
        Drac

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.