This is an old thread, and I'm sure you've figured it out... but your issue is that you are still in routable address zones. On a true WAN instance... that 192.168.*.* would NOT be routed, so you need not worry. You can block the private address space with one of the toggle switches or with rules if you really want. But your issue is appearing only because you really have two LANs instead of a WAN/LAN situation.

On Tue, Aug 21, 2012 at 7:01 AM, Ted Smith <[email protected]> wrote:

> I'm using pfSense 2.0.1 and I'm having difficulty with 1:1 NAT not
> working as expected.
>
> I have set up a 1:1 NAT by following the various tutorials and instructions
> found on the pfSense website and other sources:
> 1) Create Virtual IP with external address using 'IP Alias' setting
> (172.16.0.5)
> 2) Create 1:1 NAT rule with external address 172.16.0.5 mapped to internal
> address 192.168.0.5 (destination left as 'any')
> 3) Create firewall Rule on WAN interface forwarding from source 'any' to
> 192.168.0.5, protocol any.
>
> After completing this setup I have successfully been able to ping the
> outside address and have it pass through to the internal address.
>
> The trouble I have is that my outside client can also ping the internal
> address 192.168.0.5. This is a problem. I would like to not expose any
> internal addresses and have outside clients only be able to use the outside
> address. I have used Wireshark on the inside address server and all the
> pings look the same from inside the network and appear to come from the LAN
> address of the firewall (as expected). I've tried various permutations of
> additional firewall rules and had no success. If I take away the rules
> altogether the NAT stops working and no traffic is forwarded.
>
> In case you are wondering, the WAN in my setup is just another internal
> network and hence the use of private addresses.
>
> Thanks for any help.
>
> Ted
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
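
An added example, not part of the original thread and not pfSense code: a simplified Python model of inbound handling on the WAN interface, where the 1:1 NAT translation is applied before the filter rule is evaluated. It uses the addresses from the thread; the function name, the `Verdict` type and the `upstream_routes_lan` parameter are hypothetical, and the parameter stands for whether the network on the WAN side will deliver packets addressed to the LAN subnet to the firewall at all.

```python
import ipaddress
from dataclasses import dataclass

# Values from the thread's setup, embedded here as constructed sample data.
BINAT = {"172.16.0.5": "192.168.0.5"}  # 1:1 NAT: external -> internal
WAN_PASS_DST = {"192.168.0.5"}         # WAN rule: pass source any -> 192.168.0.5


@dataclass
class Verdict:
    original_dst: str   # destination the client put on the wire
    filtered_dst: str   # destination the filter rule is matched against
    translated: bool
    passed: bool


def wan_inbound(dst: str, upstream_routes_lan: bool = True) -> Verdict:
    """Model one packet arriving on WAN: translate first, then filter.

    upstream_routes_lan (hypothetical knob): True when the WAN-side network
    forwards 192.168.x.x to the firewall (two internal LANs, as in the thread),
    False on a true WAN where private space is not routed.
    """
    ipaddress.ip_address(dst)              # reject malformed input early
    new_dst = BINAT.get(dst, dst)          # step 1: 1:1 NAT rewrites destination
    translated = new_dst != dst
    # An untranslated packet for the LAN only reaches the firewall if the
    # WAN-side network routes that private prefix to it.
    arrives = translated or upstream_routes_lan
    # Step 2: the filter sees the post-NAT destination, so both paths match.
    passed = arrives and new_dst in WAN_PASS_DST
    return Verdict(dst, new_dst, translated, passed)


if __name__ == "__main__":
    for dst, routed in [("172.16.0.5", True), ("192.168.0.5", True),
                        ("192.168.0.5", False)]:
        print(routed, wan_inbound(dst, routed))
```

In this model a rule that matches only on destination cannot tell the translated packet from the direct one, which is why the internal address answers whenever the WAN side can route to it.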
