Nathan Eisenberg wrote:

Hello,

When performing 1:1 NAT, what is the process for making the egressing NAT traffic originate from the 1:1 IP address?

For example…

4.2.2.1 Firewall

4.2.2.2 Server 1 virtual IP

4.2.2.3 Server 2 virtual IP

192.168.1.1 Firewall LAN

192.168.1.2 Server 1 IP

192.168.1.3 Server 2 IP

All egress traffic still comes from 4.2.2.1 in this configuration, where I would want egressing traffic to originate from 4.2.2.2 for Server 1.

Best Regards,

Nathan Eisenberg

Atlas Networks, LLC

Phone: 206-577-3078

supp...@atlasnetworks.us <mailto:supp...@atlasnetworks.us>

www.atlasnetworks.us <http://www.atlasnetworks.us>

That's the whole point of a 1:1 NAT. The process is as follows:

1) Create a VIP (either CARP or ProxyARP)
2) Create a 1:1 NAT mapping between the real private IP and the public VIP (ie: 4.2.2.2 -> 192.168.1.2)
3) Create firewall rules allowing the traffic you want to hit the private IP for the resource (ie: 192.168.1.2)

Consider using aliases for the firewall rules; it makes the rules make far more sense at a glance and makes life easier to manage if you have a lot of servers.
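
The three steps above, written out as an added example in the pf.conf syntax of pf, the packet filter pfSense is built on (it is not part of the original thread and not the ruleset pfSense generates). The interface name, the /24 LAN prefix and the permitted ports are assumptions; the addresses are the ones from the question.

```pf
# Added illustration; hand-written pf.conf, not pfSense output.
ext_if   = "em0"             # assumption: WAN interface name
lan_net  = "192.168.1.0/24"  # assumption: prefix length is not stated in the thread
fw_wan   = "4.2.2.1"
srv1_lan = "192.168.1.2"
srv1_vip = "4.2.2.2"
srv2_lan = "192.168.1.3"
srv2_vip = "4.2.2.3"

# Step 1 happens outside this file: the firewall must already answer for
# 4.2.2.2 and 4.2.2.3 on the WAN side (the CARP or ProxyARP VIP).

# Alias-style table so the filter rules name the group, not raw addresses.
table <servers> const { $srv1_lan, $srv2_lan }

# Step 2: 1:1 mappings. binat is bidirectional: inbound traffic to the VIP
# is rewritten to the private address, and traffic the server originates
# leaves with the VIP as its source instead of the firewall's own address.
binat on $ext_if from $srv1_lan to any -> $srv1_vip
binat on $ext_if from $srv2_lan to any -> $srv2_vip

# Remaining LAN hosts share the firewall address. binat rules are evaluated
# before nat rules, so the two servers never fall through to this line.
nat on $ext_if from $lan_net to any -> $fw_wan

# Step 3: translation runs before filtering, so the inbound rule matches the
# private destination address, not the VIP. Default deny, then allow only
# what the servers should expose (ports here are constructed examples).
block in log on $ext_if
pass in on $ext_if inet proto tcp from any to <servers> port { 80, 443 }
```

Because the pass rule is written against the private addresses, a rule that names 4.2.2.2 as its destination would never match inbound traffic to Server 1.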

