Netgate Discussion Forum

    NAT to duplicate address on multiple VLANs

    • RudiMM

      We have packaging equipment that comes from the fabricator with three default addresses: 192.168.1.10, 192.168.1.20 and 192.168.1.30, with a gateway of 192.168.1.1. We have 3 of the packagers on site. For whatever reason, changing the addresses is a big deal. The fabricator's solution is to place a gateway with one-to-one NAT in front of each line. So the gateways would have 9 addresses NAT-ed to the various packaging controller interfaces.
      I would like to set up a VLAN per packager and then 1:1 NAT to a fourth VLAN for outside access. I cannot find a way to allow the same network on multiple interfaces. Our fallback is to run 3 pfSense instances on VirtualBox.

      • johnpoz (LAYER 8 Global Moderator)

        You cannot put the same networks on different VLANs. Their solution of putting a NAT device in front of the devices... What is this device? Or is it going to be what you put in front? If so then sure, you could put pfSense VMs in front.

        How big of a deal is it to just change the IPs to say 192.168.2.10, 2.20, 2.30 and 3.10, 3.20, 3.30, etc., where the gateways would be 192.168.2.1 and 192.168.3.1, etc.?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • cmb

          I've heard of such horrid scenarios in industrial automation. Apparently with some SCADA systems the world will come crashing down if X PLC isn't 192.168.1.10, Y HMI isn't 192.168.1.20, or what have you. Absurd, but SCADA is full of network and (in)security absurdities.

          It's not possible to have one machine with duplicated IPs existing simultaneously on multiple VLANs. You want to talk to 1.2.3.4 which is NATed to 192.168.1.10, there can only be one 192.168.1.10 as there is no possible way to differentiate which 192.168.1.10 you want - the NAT happens purely at layer 3.

          VMs (in a production server-grade hypervisor, not VirtualBox) could work. Multiple physical boxes would work.

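The layer 3 ambiguity described in the thread, modeled as an added example that is not part of any post: after 1:1 translation only the destination IP remains, so a single firewall with 192.168.1.0/24 on three VLANs has three equally valid egress interfaces, while one gateway per line has exactly one. The 10.50.x.x outside addresses and the gateway and interface names are assumptions.

```python
import ipaddress

# Constructed plan. The 10.50.<line>.<host> outside addresses and the gateway and
# interface names are assumptions; the 192.168.1.x addresses are from the thread.
def build_plan(gateway_for_line):
    return [
        {"external": f"10.50.{line}.{host}", "gateway": gateway_for_line(line),
         "iface": f"vlan{line}", "internal": f"192.168.1.{host}"}
        for line in (1, 2, 3) for host in (10, 20, 30)
    ]

def connected(plan, gateway, prefix=24):
    """Map each inside interface of `gateway` to its directly connected network."""
    return {e["iface"]: ipaddress.ip_interface(f"{e['internal']}/{prefix}").network
            for e in plan if e["gateway"] == gateway}

def find_conflicts(plan):
    """List (gateway, network, interfaces) where one box has a network on several interfaces."""
    conflicts = []
    for gw in sorted({e["gateway"] for e in plan}):
        by_net = {}
        for iface, net in connected(plan, gw).items():
            by_net.setdefault(str(net), []).append(iface)
        conflicts += [(gw, net, sorted(ifs))
                      for net, ifs in sorted(by_net.items()) if len(ifs) > 1]
    return conflicts

def egress_candidates(plan, external):
    """Translate `external` 1:1, then return every inside interface that could own the result."""
    entry = next(e for e in plan if e["external"] == external)
    target = ipaddress.ip_address(entry["internal"])
    nets = connected(plan, entry["gateway"])
    return sorted(i for i, n in nets.items() if target in n)

if __name__ == "__main__":
    single = build_plan(lambda line: "fw0")           # one box, three VLANs
    per_line = build_plan(lambda line: f"gw{line}")   # one NAT gateway per packager
    for name, plan in (("one firewall", single), ("gateway per line", per_line)):
        print(name, find_conflicts(plan), egress_candidates(plan, "10.50.2.20"))
```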