[pfSense] creating a 1:1 NAT WAN to DMZ
Andy Friar
Andy.Friar at novus.co.uk
Mon Feb 13 06:57:46 EST 2012
[Screenshot: image001.png]
Then create a firewall rule
[Screenshot: image002.png]
You would need to do one of these for each IP.
If you're running multiple WANs then you would also need to make sure the outbound is set up to go to the correct gateway.
Hth
Andy
From: list-bounces at lists.pfsense.org On Behalf Of Moshe Katz
Sent: 13 February 2012 01:16
To: pfSense support and discussion
Subject: Re: [pfSense] creating a 1:1 NAT WAN to DMZ
On Sun, Feb 12, 2012 at 7:18 PM, Jason T. Slack-Moehrle <slackmoehrle at gmail.com> wrote:
Moshe,
These are great.
Can you show me a rule that takes traffic on Port 80 from a public IP
to a 1:1 NAT?
I still cannot get these to work.
-Jason
On Sun, Feb 12, 2012 at 3:04 PM, Moshe Katz <moshe at ymkatz.net> wrote:
> On Sun, Feb 12, 2012 at 5:37 PM, Jason T. Slack-Moehrle
> <slackmoehrle at gmail.com> wrote:
>>
>> > When I create a 1:1 NAT I am confused as to which interface, internal
>> > IP and Destination. I am confused because the use of "internal IP" is
>> > making me think that my DMZ address would go there.
>> >
>> > Example 1:1 NAT from 75.xx.xx.25 to 10.xx.xx.25
>> >
>> > I guess Internal IP would be the 75.x.x.25 address since the
>> > destination is really 10.x.x.25?
>>
>> So Follow up a bit, I think that 75.x.x.27 will be the External subnet
>> IP but I am still confused about Internal IP and Destination. Does
>> that wording confuse anybody else?
>>
>> -Jason
>> _______________________________________________
>> List mailing list
>> List at lists.pfsense.org
>> http://lists.pfsense.org/mailman/listinfo/list
>
>
> I have attached screenshots of our rules as an example.
>
> Moshe
>
> ------------------------------
> Moshe Katz
> -- moshe at ymkatz.net
> -- +1(301)867-3732
>
>
I created an alias with the INTERNAL addresses of all web servers. The key is that these are the INTERNAL addresses, not the external addresses. I have similar aliases and rules for HTTPS and all other needed ports.
Screenshots of the rule and the alias are attached.
Moshe
--
Moshe Katz
-- moshe at ymkatz.net
-- +1(301)867-3732
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 44371 bytes
Desc: image001.png
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120213/a0fbfe45/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 55034 bytes
Desc: image002.png
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120213/a0fbfe45/attachment-0003.png>
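The point made in the thread, that the firewall rule for a 1:1 NAT must name the INTERNAL address, modelled as an added example (not part of the original messages and not pfSense code). It assumes the destination is translated before rules are evaluated; all addresses, rule names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed 1:1 NAT table: external (WAN) IP -> internal (DMZ) IP.
ONE_TO_ONE = {
    ip_address("203.0.113.25"): ip_address("10.0.0.25"),
    ip_address("203.0.113.26"): ip_address("10.0.0.26"),
}

@dataclass(frozen=True)
class Rule:
    name: str             # hypothetical rule label
    dst_alias: frozenset  # destination addresses the rule passes
    dst_port: int

def inbound_verdict(dst, port, rules):
    """Translate the destination first, then evaluate rules (default deny)."""
    addr = ip_address(dst)
    translated = ONE_TO_ONE.get(addr, addr)
    for rule in rules:
        if translated in rule.dst_alias and port == rule.dst_port:
            return ("pass", rule.name, str(translated))
    return ("block", None, str(translated))

def audit(rules):
    """Names of rules whose destination lists an external 1:1 address.

    Those entries never match inbound traffic, because the packet already
    carries the internal destination when the rules are checked.
    """
    external = set(ONE_TO_ONE)
    return [r.name for r in rules if r.dst_alias & external]

# Constructed rules: one written against the public IP, one against an
# alias holding the internal web server addresses.
WEB_EXTERNAL = Rule("http-to-external", frozenset({ip_address("203.0.113.25")}), 80)
WEB_INTERNAL = Rule("http-to-internal", frozenset(ONE_TO_ONE.values()), 80)

if __name__ == "__main__":
    for ruleset in ([WEB_EXTERNAL], [WEB_INTERNAL]):
        print(ruleset[0].name, inbound_verdict("203.0.113.25", 80, ruleset))
    print("rules naming external addresses:", audit([WEB_EXTERNAL, WEB_INTERNAL]))
```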