Netgate Discussion Forum
    NAT 1:1 only for outbound, standard port forward for inbound help

    Xionicfire

      Hi, I've been reading the m0n0wall manual pages, the search feature and the wikis, and for my life I either can't understand or don't know how to accomplish the following. It seems simple enough, but I've tried a bunch of ideas and none seem to work.

      I have a couple of servers inside the LAN that have mapped virtual IPs on the WAN.

      What I'm trying to do is the following:

      I know setting these as 1:1 NATs would basically do what I want to do. However, setting them as 1:1 would ALSO basically DMZ the servers, and that's exactly what I'm trying to avoid. I DO want ANY traffic generated from that specific machine to match a certain specific public IP when the traffic is going out (like, say, I log on to www.whatsmyip.com and that specific server's virtual IP shows up), but when people try to connect back to this IP I don't want any connections except the ones set up on the port forwarding to go through.

      How would I go about accomplishing this? Any help would be appreciated :/

      As a little help, this should explain what I'm trying to do:

      When Server A (192.168.4.250) tries to connect somewhere, its "public" IP shows up as 200.200.200.250.
      However, when someone tries to connect to 200.200.200.250, the port forward should route packets on ONLY port 80 to Server B (192.168.4.240). Technically, if I were to 1:1 NAT, when someone connected back to 200.200.200.250 it would get sent to 192.168.4.250 and not to 192.168.4.240, and that's the problem :/

      I hope this explains it a bit better.

      Perry

        > When Server A (192.168.4.250) tries to connect somewhere, its "public" IP shows up as 200.200.200.250.
        > However, when someone tries to connect to 200.200.200.250, the port forward should route packets on ONLY port 80 to Server B (192.168.4.240). Technically, if I were to 1:1 NAT, when someone connected back to 200.200.200.250 it would get sent to 192.168.4.250 and not to 192.168.4.240, and that's the problem :/

        If I understand you correctly, you want the VIP 200.200.200.250 to point to LAN IP 192.168.4.240, and the only thing you haven't done so far is setting up NAT -> Outbound -> Manual Outbound NAT:

        Interface  Source            Source Port  Destination  Destination Port  NAT Address      NAT Port  Static Port
        WAN        192.168.4.240/32  *            *            *                 200.200.200.250  *         NO

        /Perry
        doc.pfsense.org

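An added illustration, not from either post: the pf rules that sit behind Perry's suggestion, showing why a 1:1 mapping exposes every port of the host while an outbound-only mapping plus a single port forward does not. pfSense and m0n0wall both generate pf rules from the GUI settings; the interface names em0/em1, the default-deny filter rules and the pre-4.7 nat/rdr/binat syntax are assumptions, while the addresses are the ones from the thread.

```pf
# Constructed example: assumed interface names; addresses from the thread.
wan_if   = "em0"
lan_if   = "em1"
server_b = "192.168.4.240"
vip      = "200.200.200.250"

# 1:1 NAT (what the original poster wants to avoid). binat is bidirectional:
# every inbound packet for the VIP is translated to server B, so only the
# filter rules stand between the internet and that host.
#   binat on $wan_if from $server_b to any -> $vip

# Outbound-only mapping (Perry's manual outbound NAT row). Source addresses
# of packets leaving WAN from server B become the VIP; nothing inbound is
# translated by this rule. Without "static-port" the source port is rewritten,
# matching the "Static Port: NO" column in the row above.
nat on $wan_if from $server_b to any -> $vip

# Inbound: only TCP port 80 to the VIP is redirected, and only to server B.
rdr on $wan_if proto tcp from any to $vip port 80 -> $server_b port 80

# Filter policy: deny inbound on WAN by default, then allow only the
# forwarded service. The pass rule matches the post-translation (LAN)
# address, which is how pfSense-generated rules are evaluated too.
block in on $wan_if
pass in on $wan_if proto tcp from any to $server_b port 80 flags S/SA keep state
pass out on $wan_if keep state
```

With these rules a connection to 200.200.200.250 on any port other than 80 has no rdr entry to match and is dropped by the block rule, while server B's own outgoing connections still appear to come from 200.200.200.250. The difference between the commented binat line and the nat plus rdr pair is the whole distinction between "1:1 NAT" and "outbound NAT with a port forward" in the GUI.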