Re: [pfSense Support] 1:1 NAT - Outbound source IP?

2009-03-17 Thread Gary Buckmaster

Nathan Eisenberg wrote:


Hello,

When performing 1:1 NAT, what is the process for making the 
egressing NAT traffic originate from the 1:1 IP address?


For example…

4.2.2.1 Firewall

4.2.2.2 Server 1 virtual IP

4.2.2.3 Server 2 virtual IP

192.168.1.1 Firewall LAN

192.168.1.2 Server 1 IP

192.168.1.3 Server 2 IP

All egress traffic still comes from 4.2.2.1 in this configuration, 
where I would want egressing traffic to originate from 4.2.2.2 for 
Server 1.


Best Regards,

Nathan Eisenberg

Atlas Networks, LLC

Phone: 206-577-3078

supp...@atlasnetworks.us 

www.atlasnetworks.us 


That's the whole point of a 1:1 NAT. The process is as follows:

1) Create a VIP (either CARP or ProxyARP)
2) Create a 1:1 NAT mapping between the real private IP and the public 
VIP (ie: 4.2.2.2 -> 192.168.1.2)
3) Create firewall rules allowing the traffic you want to hit the 
private IP for the resource (ie: 192.168.1.2)


Consider using aliases for the firewall rules; it makes the rules make 
far more sense at a glance and makes life easier to manage if you have a 
lot of servers.
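
Steps 2 and 3 above written out in pf.conf syntax for the addresses in this thread, as an added example that is not part of the original message and is not the ruleset pfSense generates. The VIP from step 1 has no pf rule of its own. The interface name em0, the macro names and the HTTPS port are assumptions.

```pf
# Added illustration in pf.conf syntax; hand-written, not pfSense output.
# Assumptions: em0 is the WAN interface and HTTPS is the service exposed.
ext_if = "em0"

# Macros stand in for pfSense aliases.
server1     = "192.168.1.2"
server1_vip = "4.2.2.2"
server2     = "192.168.1.3"
server2_vip = "4.2.2.3"
lan_net     = "192.168.1.0/24"

# Step 2: one bidirectional mapping per server. Outbound packets from
# $server1 leave with source $server1_vip; inbound packets addressed to
# $server1_vip are rewritten to $server1.
binat on $ext_if from $server1 to any -> $server1_vip
binat on $ext_if from $server2 to any -> $server2_vip

# Every other LAN host still leaves from the firewall's own address.
nat on $ext_if from $lan_net to any -> 4.2.2.1

# Step 3: translation happens before filtering, so the inbound rule
# names the private address, not the VIP.
pass in on $ext_if proto tcp from any to $server1 port 443 keep state
```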






[pfSense Support] 1:1 NAT - Outbound source IP?

2009-03-17 Thread Nathan Eisenberg
Hello,

When performing 1:1 NAT, what is the process for making the egressing NAT 
traffic originate from the 1:1 IP address?

For example...

4.2.2.1 Firewall
4.2.2.2 Server 1 virtual IP
4.2.2.3 Server 2 virtual IP

192.168.1.1 Firewall LAN
192.168.1.2 Server 1 IP
192.168.1.3 Server 2 IP

All egress traffic still comes from 4.2.2.1 in this configuration, where I 
would want egressing traffic to originate from 4.2.2.2 for Server 1.

Best Regards,
Nathan Eisenberg
Atlas Networks, LLC
Phone: 206-577-3078
supp...@atlasnetworks.us
www.atlasnetworks.us