I'm using pfSense 2.0.1 and I'm having difficulty with 1:1 NAT not working as
expected.
I have set up a 1:1 NAT by following the various tutorials and instructions
found on the pfSense website and other sources:
1) Create Virtual IP with external address using 'IP Alias' setting
   (172.16.0.5)
2) Create 1:1 NAT rule with external address 172.16.0.5 mapped to internal
   address 192.168.0.5 (destination left as 'any')
3) Create firewall rule on WAN interface forwarding from source 'any' to
   192.168.0.5, protocol any.
After completing this setup I have successfully been able to ping the outside
address and have it pass through to the internal address.
The trouble I have is that my outside client can also ping the internal address
192.168.0.5. This is a problem. I would like to not expose any internal
addresses and have outside clients only be able to use the outside address. I
have used Wireshark on the inside address server and all the pings look the
same from inside the network and appear to come from the LAN address of the
firewall (as expected). I've tried various permutations of additional firewall
rules and had no success. If I take away the rules altogether the NAT stops
working and no traffic is forwarded.
In case you are wondering, the WAN in my setup is just another internal network
and hence the use of private addresses.
Thanks for any help.
Ted