
    Complicated NAT Question

    • K
      Kirloth last edited by

      Greetings,

      I am using 2.2.6 pfSense as my router/firewall.  I have two static IPs, which for the purposes of the question we'll say are 1.1.1.1 and 1.1.1.2.

      I want 99.9% of my network traffic to go out to the Internet as 1.1.1.1, but I would also like to NAT any and all traffic for my web server for 1.1.1.2.  I have a very heavy Cisco background, both in routers & firewalls, and I think it is proving more of a hindrance than a help in this situation.

      Can anyone please point me to some documentation about how to create this functionality in pfSense?  My searches seem to have turned up conflicting or unclear information.

      My thanks!

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Are these public IPs on different connections or the same one?  So your wan on pfsense as 1.1.1.1, create a vip for 1.1.1.2 and forward traffic to your webserver via your vip.  And then on your outbound nat set up your webserver to use the vip for its outbound traffic.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

        • K
          Kirloth last edited by

          Yes.  The IPs are both on the same connection.

          Thanks for your reply.

          Just to be sure I understand, I will:

          1. Create appropriate NAT and Firewall rules for Incoming from Virtual IP that point to the web server.
          2. Create an outbound NAT rule for my web server to use the Virtual IP.

          One other question:  Do I need to remove the auto-generated outbound NAT rules, or will my manual outbound NAT rule be prioritized over them?

          Once again, my thanks!

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            No, you do not need to remove the auto..  You need to make sure that the webserver talks back out the same IP it came in.

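One way to check the pairing discussed in this thread, as an added example that is not from either poster or from pfSense itself: a small Python model of an outbound NAT list evaluated top to bottom with the first match winning, compared against the port forwards. The LAN subnet 192.168.1.0/24, the web server address 192.168.1.10 and the rule layout are assumptions made for illustration.

```python
# Added example: models ordered, first-match outbound NAT and checks it against
# the port forwards. Only 1.1.1.1 and 1.1.1.2 come from the thread; the LAN
# addresses and rule layout below are constructed for illustration.
from ipaddress import ip_address, ip_network

WAN_IP = "1.1.1.1"      # interface address from the thread
VIP = "1.1.1.2"         # virtual IP from the thread
WEB = "192.168.1.10"    # assumed LAN address of the web server

# Port forwards: (public IP, protocol, port, internal target)
PORT_FORWARDS = [(VIP, "tcp", 80, WEB), (VIP, "tcp", 443, WEB)]

# Outbound NAT, top to bottom. The manual rule sits above the automatic LAN rule.
OUTBOUND_NAT = [
    {"source": f"{WEB}/32", "translate_to": VIP, "origin": "manual"},
    {"source": "192.168.1.0/24", "translate_to": WAN_IP, "origin": "auto"},
]

def egress_ip(host, rules):
    """Return the public address assigned by the first matching rule, or None."""
    addr = ip_address(host)
    for rule in rules:
        if addr in ip_network(rule["source"]):
            return rule["translate_to"]
    return None

def asymmetric_hosts(forwards, rules):
    """List (host, inbound IP, outbound IP) where the two public addresses differ."""
    findings = []
    for public_ip, internal in sorted({(f[0], f[3]) for f in forwards}):
        out = egress_ip(internal, rules)
        if out != public_ip:
            findings.append((internal, public_ip, out))
    return findings

if __name__ == "__main__":
    print("web server egress:", egress_ip(WEB, OUTBOUND_NAT))
    print("other LAN host egress:", egress_ip("192.168.1.50", OUTBOUND_NAT))
    print("mismatches:", asymmetric_hosts(PORT_FORWARDS, OUTBOUND_NAT))
    # Same rules in the wrong order: the broad LAN rule shadows the manual one.
    print("reordered:", asymmetric_hosts(PORT_FORWARDS, OUTBOUND_NAT[::-1]))
```

With the host-specific rule first, the web server leaves as 1.1.1.2 and every other LAN host as 1.1.1.1; reversing the order makes the check report the web server as entering on 1.1.1.2 but leaving on 1.1.1.1.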