[pfSense] creating a 1:1 NAT WAN to DMZ
Moshe Katz
moshe at ymkatz.net
Sun Feb 12 20:15:50 EST 2012
On Sun, Feb 12, 2012 at 7:18 PM, Jason T. Slack-Moehrle <slackmoehrle at gmail.com> wrote:
> Moshe,
>
> These are great.
>
> Can you show me a rule that takes traffic on Port 80 from a public IP
> to a 1:1 NAT?
>
> I still cannot get these to work.
>
> -Jason
>
> On Sun, Feb 12, 2012 at 3:04 PM, Moshe Katz <moshe at ymkatz.net> wrote:
> > On Sun, Feb 12, 2012 at 5:37 PM, Jason T. Slack-Moehrle
> > <slackmoehrle at gmail.com> wrote:
> >>
> >> > When I create a 1:1 NAT I am confused as to which interface, internal
> >> > IP and Destination. I am confused because the use of "internal IP" is
> >> > making me think that my DMZ address would go there.
> >> >
> >> > Example 1:1 NAT from 75.xx.xx.25 to 10.xx.xx.25
> >> >
> >> > I guess Internal IP would be the 75.x.x.25 address since the
> >> > destination is really 10.x.x.25?
> >>
> >> So, to follow up a bit, I think that 75.x.x.27 will be the External subnet
> >> IP but I am still confused about Internal IP and Destination. Does
> >> that wording confuse anybody else?
> >>
> >> -Jason
> >> _______________________________________________
> >> List mailing list
> >> List at lists.pfsense.org
> >> http://lists.pfsense.org/mailman/listinfo/list
> >
> >
> > I have attached screenshots of our rules as an example.
> >
> > Moshe
> >
> > ------------------------------
> > Moshe Katz
> > -- moshe at ymkatz.net
> > -- +1(301)867-3732
> >
> >
> >
>
I created an alias with the INTERNAL addresses of all web servers. The key
is that these are the INTERNAL addresses, not the external addresses. I
have similar aliases and rules for HTTPS and all other needed ports.
Screenshots of the rule and the alias are attached.
Moshe
--
Moshe Katz
-- moshe at ymkatz.net
-- +1(301)867-3732
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http alias.png
Type: image/png
Size: 44284 bytes
Desc: not available
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120212/dad715f5/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http rule.png
Type: image/png
Size: 39742 bytes
Desc: not available
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120212/dad715f5/attachment-0003.png>
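
Added example, not part of the original message and not pfSense's generated ruleset: a pf.conf-style sketch of why the WAN rule has to name the internal address. The interface name, both IP addresses and the table name are constructed placeholders (assumptions), since the thread elides the real ones.

```pf
# --- Constructed placeholders (assumptions, not values from the thread) ---
wan_if  = "em0"             # assumed WAN interface name
ext_web = "203.0.113.25"    # public side of the 1:1 mapping (documentation range)
int_web = "10.0.0.25"       # DMZ address of the same web server

# Equivalent of the alias: it lists INTERNAL (DMZ) addresses only.
table <web_servers> const { 10.0.0.25 }

# 1:1 NAT. For inbound packets on WAN the destination 203.0.113.25 is
# rewritten to 10.0.0.25 BEFORE any filter rule is evaluated.
binat on $wan_if from $int_web to any -> $ext_web

# Default deny on WAN, logged so dropped packets show up in the firewall log.
block in log on $wan_if all

# Wrong: never matches, because after translation no packet still carries
# the public address as its destination. Traffic falls through to the block.
# pass in quick on $wan_if proto tcp from any to $ext_web port 80 flags S/SA keep state

# Right: match on the post-NAT (internal) destination, limited to port 80.
pass in quick on $wan_if proto tcp from any to <web_servers> port 80 flags S/SA keep state
```

If HTTP still fails with the second rule in place, the logged block rule shows which destination address and port the dropped packets actually carried.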