The easiest way to do this is via DNS.

Enable a DNS on the inside that will translate your external IPs to
your internal IPs.

Although below would be ideal - I've never gotten it to work on pfSense,
and this works just fine.

-Tim

 

From: Justin Refice [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 08, 2007 12:38 PM
To: [email protected]
Subject: [pfSense Support] VIPs + NAT??

I've got what appears to be a simple question, but for the life of me I
can't figure this one out.

I've got a pfSense firewall set up between a local subnet (192.168/16)
and my internet provider.  The provider has given me two subnets
11.22.33.192/29 and 11.22.44.16/28.

The WAN IP is in the larger subnet:  11.22.44.17/28

For any given IP in the above subnets, 1 or more IPs exist in the
private domain.  E.g.:

11.22.33.194 port 25 = 192.168.0.2 port 25
11.22.33.194 port 80 = 192.168.0.3 port 80
11.22.44.17 port 25 = 192.168.0.4 port 25

This is all working fine (yay!).  The problem is that the private subnet
can't access IPs on the public subnet.  So, for example, 192.168.0.2
can connect to www.google.com just fine.  192.168.0.2 can NOT connect to
11.22.33.194 though...  the packet just gets dropped somewhere.

I've got the VIPs set up using Proxy ARP, because there are two subnets
(And apparently CARP requires that the IP exist in the same subnet as
the WAN IP).

Just as a test, I set up a CARP for 11.22.44.18, and the same problem
exists.

Basically, it seems like I need to tell the firewall the right rules on
the LAN interface to clear this up... but like I said, I can't figure it
out. 

Thanks for any help,  

Justin
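
The split-DNS approach suggested in the reply, as an added example that is not part of the original thread: it derives internal resolver overrides from the port forwards listed in the question and flags names that one internal A record cannot replace, which happens when a single public IP is split across several private hosts by port. The hostnames and the `build_overrides` helper are constructed for illustration.

```python
# Port forwards from the original post: (public IP, port) -> (private IP, port)
PORT_FORWARDS = {
    ("11.22.33.194", 25): ("192.168.0.2", 25),
    ("11.22.33.194", 80): ("192.168.0.3", 80),
    ("11.22.44.17", 25): ("192.168.0.4", 25),
}

# Constructed public DNS records; hostnames are placeholders, not from the thread.
# name -> (public IP, ports LAN clients use with that name)
PUBLIC_RECORDS = {
    "mail.example.com": ("11.22.33.194", {25}),
    "www.example.com": ("11.22.33.194", {80}),
    "mx2.example.com": ("11.22.44.17", {25}),
    "all.example.com": ("11.22.33.194", {25, 80}),
}


def build_overrides(forwards, records):
    """Return (overrides, problems) for the internal resolver.

    overrides: name -> private IP to answer with on the LAN.
    problems:  name -> why a single internal A record cannot replace it.
    """
    overrides, problems = {}, {}
    for name, (pub_ip, ports) in sorted(records.items()):
        hosts = set()
        for port in sorted(ports):
            fwd = forwards.get((pub_ip, port))
            if fwd is None:
                problems[name] = f"no forward for {pub_ip}:{port}"
                break
            priv_ip, priv_port = fwd
            if priv_port != port:
                # DNS only swaps addresses; a rewritten port still needs NAT.
                problems[name] = f"port {port} is rewritten to {priv_port}"
                break
            hosts.add(priv_ip)
        else:
            if len(hosts) == 1:
                overrides[name] = hosts.pop()
            else:
                problems[name] = f"{pub_ip} maps to {sorted(hosts)}"
    return overrides, problems


if __name__ == "__main__":
    overrides, problems = build_overrides(PORT_FORWARDS, PUBLIC_RECORDS)
    for name, ip in overrides.items():
        print(f"{ip}\t{name}")          # hosts-file style override line
    for name, why in problems.items():
        print(f"# cannot override {name}: {why}")
```

Names that land in `problems` need a per-service hostname (or working NAT reflection) before LAN clients can reach them by name.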
