On 2011-11-29 12:59, Vaughn L. Reid III wrote:
I think 1:1 NAT would also be a better fit. I've never done 1:1 on both sides (172.30.100.x and 192.168.99.x), so I don't know if it will work. On the other hand, I've used 1:1 NAT on a single interface a few times, and never had any trouble beyond the fact that NAT, in general, does break some things. You will need to make the appropriate firewall rules separately from the NAT rules. I think you will need to make CARP entries for the NAT'ed IPs also, I believe.
Hopefully someone knowledgeable will enlighten us regarding the 1:1 NAT use on both sides.
Theoretically, when a packet enters and is processed in a NAT rule, it will hit the destination server with its IP address unchanged, so I think I'd need 1:1 NAT on both sides, a few more IP addresses and outbound NAT.
PS: no CARP used for this setup.
