Yes, Advanced Oubound NAT, works fine for me too. I'd WAN,LAN and VPN interfaces.
Using automatic NAT, the traffic stop flowing in the VPN interface (Bridging over LAN). But enabling Manual Outbound NAT, everything works. Best Regards, Luiz Vaz 2008/8/20 Curtis LaMasters <[EMAIL PROTECTED]> > Advanced Outbound NAT (Manual Outbound NAT) Menu...Firewall -> NAT -> > Outbound > > You'll need to research this a bit but basically you will need to specify > an interface in which the traffic will be NAT'd, the source network range, > source ports (*) , Destination and Destination ports (*), the address in > which it will be NAT'd as and what static mapping (usually * and NO). Hope > that didn't confuse you too bad. > > > Curtis LaMasters > http://www.curtis-lamasters.com > http://www.builtnetworks.com > > > > On Wed, Aug 20, 2008 at 3:16 PM, Aliet Santiesteban Sifontes < > [EMAIL PROTECTED]> wrote: > >> I don't understand, let give more info: >> >> Right now this is a running setup with checkpoint. >> >> I mean, I have a net with my isp only to connect the firewall to them >> is a /30 private range in the first nic1. >> >> I have another net on the other nic2 with hosts with public addresses >> configured, I mean this hosts have configured public addresses, and >> not use nat. >> >> I have another net on nic3 with a private LAN. >> >> Now, I'm changing the checkpoint with pfsense with a server with three >> nics, and I must keep the current setup. >> >> One net in nic1 with my isp, the other net in nic2 will have connected >> the current running hosts wich have configured a public range address >> and in the nic3 connect the running private lan. >> >> I don't want to use nat in the current running public net, I just need >> this net working(routing) >> trought pfsense, and be able to configure some filters in this >> network, this net is currently my op1 in pfsense, and the only way >> they routing to internet is when I configure the gateway of my isp. >> >> Any better solution to do this, without changig the currents nets, >> only the firewall??. >> My point us that I don't wanna change avery single host on this nets, >> just the firewall. >> >> best regards >> >> 2008/8/20 Chris Buechler <[EMAIL PROTECTED]>: >> > On Wed, Aug 20, 2008 at 11:56 AM, Aliet Santiesteban Sifontes >> > <[EMAIL PROTECTED]> wrote: >> >> Found part of the problem, I installed a clean pfsense, and setup >> >> again the three interfaces. >> >> WAN-->> Connected to our isp trought a /30 private newtork >> >> OP1-DMZ-->> With the public range address assigned by our isp >> >> LAN-> Private segent. >> >> >> >> Nothing configured, I mean, nat, bridge etc. >> >> Added to simple rules, one to allow any from Lan in Lan interface, and >> >> one to allow any from dmz interface. >> >> >> >> with this setup hosts on the dmz segment can't reach the outside >> >> world, this hosts are configured with public network addresses, >> >> >> > >> > You have to use Advanced Outbound NAT to use public IPs on an internal >> > network. Adding a gateway to this DMZ interface, unless it has an >> > Internet connection and will be used as an additional WAN, is wrong. >> > It disables the NAT configuration since it thinks it's a WAN >> > interface, but that's wrong, you need to remove that and properly >> > setup AON. >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > For additional commands, e-mail: [EMAIL PROTECTED] >> > >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >
