Thank you Kyle, I will take a look at it. -----Original Message----- From: Kyle Mott [mailto:[EMAIL PROTECTED] Sent: Saturday, February 17, 2007 5:23 AM To: support@pfsense.com Subject: Re: [pfSense Support] Virtual IP - Please Help....
This is what I came up with, not sure if it will apply to what you need it to do. Good luck! http://chaos.untouchable.net/index.php/PfSense_advanced_outbound_nat_exa mple -Kyle Wade Blackwell wrote: > OK that makes sense, > So if I understand correctly both scenarios are destination NAT, > you want anything destined to the DMZ to look like it is sourced from > 192.168.1.1 and if it destined for anywhere else not locally connected > (internet) it's source would be 10.1.1.1. I will defer the supported > question to someone who can answer authoritatively, my recollection is > that destination NAT is not supported with PF. I did hear recently > that someone on the list had figured out how to do this. Kyle, give a > shout if this matches your scenario and you can help out. Thanks. > > Wade B > > On 2/14/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote: >> Hi Wade, thank you for the reply. Here's what I intend to achieve: >> >> >> <Router> <Intranet Server> >> \ / >> 10.1.1.0 subnet \ / 192.168.1.0 subnet >> \ / >> [PFSENSE w/ ONE WAN IF, NAT ENABLED] >> >> 1. The Router, Intranet Server and the WAN interface of PFSENSE are >> connected to a Switch 2. The WAN interface of PFSENSE has an IP of >> 10.1.1.1 and a Virtual IP of 192.168.1.1 >> >> What I wish to achieve: >> 1. All access to Internet is NATed via 10.1.1.1 and connect through >> the Router 2. All access to the Intranet Server is NATed via >> 192.168.1.1 so that it can reach the Intranet server. >> >> Can this be done? >> >> Regards, >> Kelvin >> >> -----Original Message----- >> From: Wade Blackwell [mailto:[EMAIL PROTECTED] >> Sent: Thursday, February 15, 2007 12:50 AM >> To: support@pfsense.com >> Subject: Re: [pfSense Support] Virtual IP - Please Help.... >> >> >> Two things; >> >> 1. this sounds like destination NAT which I am not sure that PF >> supports (anyone, Bueller?) 2. Some ASCII art would be in order to >> better understand what you are trying to accomplish. >> >> -W >> >> On 2/12/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote: >> > >> > >> > Hi, I have problem getting the following configuration done, I am >> > not sure whether pfsense supports this kind of application; may be >> > someone >> >> > can advise... >> > >> > I have a WAN interface with IP address of 10.1.1.1. I define a >> > Virtual >> >> > IP of 192.168.1.1 on the same interface. Basically, I have 2 >> > subnets on the same segment of network, one for connection to the >> > Internet and >> >> > one for access to certain resources. I wish that access to >> > 192.168.1.x >> >> > be NATed to 192.168.1.1 while access to other destination to be >> > NATed to 10.1.1.1. >> > >> > I examine the states and found out that it seems to do what it is >> > supposed to do as I see x.x.x.x -> 192.168.1.1 -> x.x.x.x. However, >> > nothing happened on my screen. >> > >> > I guess my question is... if the virtual IP and interface IP are on >> > different subnet, can outbound NAT be configrued correctly? >> > >> > Regards, >> > Kelvin >> >> >> -- >> Wade Blackwell >> 253-205-7639 >> 253-288-3750 (fax) >> "Integrity is more important than perception management" >> "There are two kinds of pain, the pain of change and the pain of never >> changing" >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
