Help Nat alias /24



  • Hello, I have a range of valid IPs (a /24), and was wondering if there is a way to have my internal LAN go out with these IPs, which are valid on the Internet? For example, making a 1:1 NAT in the DMZ for a few machines; as there are many more, it is unfeasible to make a 1:1 NAT for each. Is there some solution in pfSense that allows me to do this with a whole /24 without making them one by one?

    grateful for the attention



  • I am not entirely sure I follow what you are asking.

    Individual 1:1 NAT statements are called 1:1 for a reason.  You can't alias or range 1:1 NAT.  If you really felt the need to create 255 1:1 NAT statements for the entire /24, I guess you could always try entering that into the config via the command line.

    You can set up a NAT pool and have your LAN use a range of IPs either as round robin or sticky NAT for outbound NAT to the internet.



  • You can do a 1:1 NAT from a private /24 to a public /24, with a single 1:1 NAT entry, if that's what you mean.



  • Oh, I didn't know that.  Cool.  You learn something new every day. :P


  • Netgate

    You can also do a longer subnet to only 1:1 a portion of the /24 right?

    Like a /27 on 30.40.50.128 so 30.40.50.128 - 30.40.50.159 would be mapped to 192.168.1.128 - 192.168.1.159 ??



  • @Derelict:

    You can also do a longer subnet to only 1:1 a portion of the /24 right?

    Like a /27 on 30.40.50.128 so 30.40.50.128 - 30.40.50.159 would be mapped to 192.168.1.128 - 192.168.1.159 ??

    Yep, any subnet size is doable. Network address doesn't have to match between them either, just has to be the same size subnet. So 30.40.50.128/27 - 192.168.1.0/27 is doable too.
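
The address arithmetic behind a subnet-wide 1:1 mapping, as an added example that is not part of the original thread and not pfSense code. It assumes the mapping preserves each host's offset within the subnet, as the ranges quoted above imply; the function names `make_one_to_one` and `translate` are hypothetical.

```python
import ipaddress


def make_one_to_one(external_cidr, internal_cidr):
    """Validate a subnet-to-subnet 1:1 pair: same IP version, same prefix length."""
    # strict=True rejects CIDRs with host bits set, e.g. 30.40.50.130/27
    ext = ipaddress.ip_network(external_cidr, strict=True)
    internal = ipaddress.ip_network(internal_cidr, strict=True)
    if ext.version != internal.version:
        raise ValueError("external and internal subnets differ in IP version")
    if ext.prefixlen != internal.prefixlen:
        raise ValueError(
            f"subnet sizes differ: /{ext.prefixlen} vs /{internal.prefixlen}"
        )
    return ext, internal


def translate(addr, src_net, dst_net):
    """Map addr from src_net to the same host offset in dst_net.

    Returns None when addr is outside src_net, i.e. the 1:1 entry
    does not apply to that address.
    """
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return None
    offset = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


if __name__ == "__main__":
    # Subnets taken from the thread: the network addresses differ, the size matches.
    ext, internal = make_one_to_one("30.40.50.128/27", "192.168.1.0/27")
    for public in ("30.40.50.128", "30.40.50.130", "30.40.50.159", "30.40.50.160"):
        print(public, "->", translate(public, ext, internal))
    # Reverse direction (internal host to its public address)
    print("192.168.1.31 ->", translate("192.168.1.31", internal, ext))
```

Every address in the external subnet becomes reachable at its internal counterpart once firewall rules permit the traffic, so the rules on the external interface should be scoped to the hosts and ports that are meant to be exposed rather than to the whole mapped range.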


  • Netgate

    I thought they had to match.  Learned something new today.