4. 1:1 NAT but limit inbound only from a list of IP addresses

1:1 NAT but limit inbound only from a list of IP addresses

  • N

    I have 1:1 NAT working with 192.168.10.1 as my internal NATed address.  I want to restrict only certain IP external ranges to be able to send me traffic to the NATed device.  My firewall rule for WAN is IPv4 * * 192.168.10.1 * * none.  Everything works fine, but when I change the rule to include a source address of one of the external IPs i want to restrict, I see blocks in the firewall not allowing the traffic.  Doesn't make any sense to me.  I have Proxy ARP chosen for my VIP option for the external IP.  Do I need to create an alias with all list of IPs I want to allow and make that the source in the WAN firewall rule?  I refreshed my states, etc. when I changed the working rule.  I am on 2.1.4.  Couldn't get 2.2 to NAT at all.  Any help is appreciated.  There are lots of tutorials on NAT, but I couldn't find any that deal with only accepting NATed traffic from specific IP ranges.  I have five external statics at this location.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy