Advanced Outbound NAT (Manual Outbound NAT) Menu...Firewall -> NAT -> Outbound
You'll need to research this a bit but basically you will need to specify an interface in which the traffic will be NAT'd, the source network range, source ports (*) , Destination and Destination ports (*), the address in which it will be NAT'd as and what static mapping (usually * and NO). Hope that didn't confuse you too bad. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Wed, Aug 20, 2008 at 3:16 PM, Aliet Santiesteban Sifontes < [EMAIL PROTECTED]> wrote: > I don't understand, let give more info: > > Right now this is a running setup with checkpoint. > > I mean, I have a net with my isp only to connect the firewall to them > is a /30 private range in the first nic1. > > I have another net on the other nic2 with hosts with public addresses > configured, I mean this hosts have configured public addresses, and > not use nat. > > I have another net on nic3 with a private LAN. > > Now, I'm changing the checkpoint with pfsense with a server with three > nics, and I must keep the current setup. > > One net in nic1 with my isp, the other net in nic2 will have connected > the current running hosts wich have configured a public range address > and in the nic3 connect the running private lan. > > I don't want to use nat in the current running public net, I just need > this net working(routing) > trought pfsense, and be able to configure some filters in this > network, this net is currently my op1 in pfsense, and the only way > they routing to internet is when I configure the gateway of my isp. > > Any better solution to do this, without changig the currents nets, > only the firewall??. > My point us that I don't wanna change avery single host on this nets, > just the firewall. > > best regards > > 2008/8/20 Chris Buechler <[EMAIL PROTECTED]>: > > On Wed, Aug 20, 2008 at 11:56 AM, Aliet Santiesteban Sifontes > > <[EMAIL PROTECTED]> wrote: > >> Found part of the problem, I installed a clean pfsense, and setup > >> again the three interfaces. > >> WAN-->> Connected to our isp trought a /30 private newtork > >> OP1-DMZ-->> With the public range address assigned by our isp > >> LAN-> Private segent. > >> > >> Nothing configured, I mean, nat, bridge etc. > >> Added to simple rules, one to allow any from Lan in Lan interface, and > >> one to allow any from dmz interface. > >> > >> with this setup hosts on the dmz segment can't reach the outside > >> world, this hosts are configured with public network addresses, > >> > > > > You have to use Advanced Outbound NAT to use public IPs on an internal > > network. Adding a gateway to this DMZ interface, unless it has an > > Internet connection and will be used as an additional WAN, is wrong. > > It disables the NAT configuration since it thinks it's a WAN > > interface, but that's wrong, you need to remove that and properly > > setup AON. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
