On 4/24/10 6:28 PM, Chris Buechler wrote:
> On Sat, Apr 24, 2010 at 5:11 PM, David Miller <[email protected]> wrote:
>> Using 2.0beta from 4-18
>> WAN network is 10.0.1.0/24, pfsense interface is 10.0.1.50
>> LAN network is 172.30.0.0/24, pfsense interface is 172.30.0.1
>> I have one client on the LAN side at 172.30.0.17. I'm testing a trivial
>> setup with a pfsense firewall between the client and my internal LAN.
>> I set up a 1:1 NAT between 10.0.1.17 and 172.30.0.17.
>> I set up a firewall rule to allow traffic of type any from * to 10.0.1.17 on
>> the WAN interface. Also, to be sure, added one to 172.30.0.17. Saved,
>> applied changes.
>
> The 172.30.0.17 one is all you need, NAT first, then rules.
> You're probably missing a virtual IP for that 10. IP.

Hi Chris;
Thanks for the reply.
I get "A 1:1 NAT mapping overlaps with the specified IP address." error
message if I try to add a VIP.
Same message whether it's proxy-arp, carp, or ip-alias.
I *thought* I did everything at http://doc.pfsense.org/index.php/1:1_NAT :

"1:1 NAT, aka one-to-one NAT or binat, binds a specific internal
address (or subnet) to a specific external address (or subnet). Incoming
traffic from the Internet to the specified IP will be directed toward
the associated internal IP. Outgoing traffic to the Internet from the
specified internal IP will originate from the associated external IP.

To allow traffic in from the Internet, you must add a firewall rule on
the associated WAN interface allowing the desired traffic, using the
destination IP of the internal private IP.

All of the 1:1 NAT mappings are listed under Firewall > NAT, on the 1:1
tab. To edit an entry, click the "e" button, delete with the "x" button,
or add a new entry with the "+".

When adding or editing a 1:1 NAT entry, pick an Interface where the NAT
should happen, specify an External subnet (or use /32 for a single IP),
an Internal subnet (or the starting address of the block), and enter a
description."

So I need some corresponding 1:1 NAT applied to the LAN as well? I feel
like I'm missing something basic.
Thanks,
--- David
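
The rule ordering discussed in this thread ("NAT first, then rules") can be modelled in a few lines. This is an added example, not part of the original messages and not pfSense code; it uses the addresses from the thread and shows why a WAN rule must name the internal address as its destination. The function names, the default-deny behaviour and the equal-prefix-length requirement for subnet mappings are assumptions of this sketch, and it models only translation order, not virtual IPs or ARP.

```python
import ipaddress

# Constructed from the thread: external 10.0.1.17 <-> internal 172.30.0.17.
BINAT = [("10.0.1.17/32", "172.30.0.17/32")]

def _translate(address, mappings, inbound):
    """Apply a 1:1 mapping; external->internal if inbound, else the reverse."""
    addr = ipaddress.ip_address(address)
    for external, internal in mappings:
        ext = ipaddress.ip_network(external)
        inside = ipaddress.ip_network(internal)
        src_net, dst_net = (ext, inside) if inbound else (inside, ext)
        if addr in src_net:
            # Keep the host offset so subnet-to-subnet mappings also work
            # (assumes both subnets have the same prefix length).
            offset = int(addr) - int(src_net.network_address)
            return str(dst_net.network_address + offset)
    return address  # no mapping applies: address is unchanged

def binat_inbound(dst, mappings=BINAT):
    """Destination rewrite for traffic arriving on WAN."""
    return _translate(dst, mappings, inbound=True)

def binat_outbound(src, mappings=BINAT):
    """Source rewrite for traffic leaving through WAN."""
    return _translate(src, mappings, inbound=False)

def wan_inbound_verdict(dst, pass_destinations, mappings=BINAT):
    """Translate first, then match the WAN pass rules (default deny).

    pass_destinations: destination networks that WAN rules allow.
    Returns (destination as seen by the rules, "pass" or "block").
    """
    translated = binat_inbound(dst, mappings)
    addr = ipaddress.ip_address(translated)
    allowed = any(addr in ipaddress.ip_network(n) for n in pass_destinations)
    return translated, "pass" if allowed else "block"

if __name__ == "__main__":
    # A rule naming the external IP never matches; one naming the internal IP does.
    for rules in (["10.0.1.17/32"], ["172.30.0.17/32"]):
        print(rules, wan_inbound_verdict("10.0.1.17", rules))
```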