From the 2.1 book: "If you need to perform NAT on your local IPs to make them appear as a different subnet, or one of your public IPs, you may do so using the NAT fields underneath Local Network. If you specify a single IP address in Local Network and a single IP address in the NAT field, then a 1:1 NAT rule will be added between the two."

I changed both the local LAN address and the remote incoming NAT'd address to an address instead of a /32 network. Does the 1:1 NAT rule get added behind the scenes or should it show in the NAT Rules table as a linked rule or is it invisible in the webGUI?

Thanks,

----- Original Message -----
> ----- Original Message -----
> > Hi,
> >
> > We are running pfSense 2.1 nano on a Soekris - experiencing an issue
> > with an IPSEC tunnel to a remote Sonicwall. We have two Phase 2
> > entries defined for two remote hosts on the remote endpoint. We are
> > exposing 1 host on our network which is NAT'd in the Phase 2 entry
> > on our side, we used the NAT field in the Local Network section in
> > P2. example - the NAT IP they provided us on their side is 1.2.3.4,
> > our host is 4.5.6.7.
>
> Both the remote NAT'd IP and the local IP's are identified as /32
> Networks in P2
>
> > 1. The tunnel comes up fine.
> > 2. We can ping and connect to both hosts on their side for each P2
> > 3. They cannot make a connection to our NAT'd host on our side.
> >
> > Do we need to set a NAT rule to allow this traffic to pass on the
> > IPSEC interface? NAT port forward 1.2.3.4 to 4.5.6.7?
> >
> > Best Regards,
> >
> > --
> > Mark Street, D.C., RHCE
> > Chief Technology Officer
> > Alliance Medical Center
> > (707) 433-5494
> >
> > "Trust decentralization over centralization, voluntarism over
> > coercion, bottom-up over top-down,
> > adaptation over planning, openness over secrecy, practice over
> > ideology, and markets over politics."
> > Eric Raymond
> >
> > _______________________________________________
> > List mailing list
> > List@lists.pfsense.org
> > http://lists.pfsense.org/mailman/listinfo/list
>
> --
> Mark Street, D.C., RHCE
> Chief Technology Officer
> Alliance Medical Center
> (707) 433-5494
>
> "Trust decentralization over centralization, voluntarism over
> coercion, bottom-up over top-down,
> adaptation over planning, openness over secrecy, practice over
> ideology, and markets over politics."
> Eric Raymond
>
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list

--
Mark Street, D.C., RHCE
Chief Technology Officer
Alliance Medical Center
(707) 433-5494

"Trust decentralization over centralization, voluntarism over coercion, bottom-up over top-down,
adaptation over planning, openness over secrecy, practice over ideology, and markets over politics."
Eric Raymond