Topics - justsomeguy

NAT / [solved] Outbound NAT with WAN DHCP IP Address
« on: March 07, 2018, 01:03:49 pm »
I have an SG-1000 arriving tomorrow and I decided to take a look at the pfSense settings ahead of time to see what needed to be set in order to get this to work, but I realized I'm not quite sure of the correct settings.

I have an embedded server with a static IP address and no gateway. I would like to make this server accessible to the larger corporate network. This server does not need any other access to the larger corporate network or the internet.

I would like to have requests from clients on the corporate network (FTP and HTTP specifically) on the "WAN" IP routed to the server and allow its responses to be returned to the client. I do not want to use a virtual IP as IT policies do not allow more than one MAC or IP (actually not sure which one) on a single switch port. Is it possible to set the 1:1 NAT rule to just use whatever was provided to the WAN interface via DHCP?

I also will occasionally connect another device on the LAN side of the SG-1000 to manage pfSense, but I don't think this matters. (correct me if I'm wrong).

I attached a diagram.

I'm open to any and all suggestions that will achieve what I'm looking for, but I believe 1:1 NAT is the right way to do this.

Help very much appreciated. Thanks.

Let me start by saying I'm new to nearly all of this.

I'm trying to do a proof of concept in a host with 2 VMs and 2 NICs before buying hardware, see the attached diagram. The goal is to use this in a lab setup where stuff of various OSs and configurations come and go without having to manually adjust settings or get on/off the larger corporate network.

Our corporate network requires traffic be routed through a (manually configured in each client) proxy for any HTTP and HTTPS requests. For HTTPS the corporate proxy just forwards; it doesn't intercept.

What I'm trying to do is set up pfSense as a router that transparently forwards all HTTP and HTTPS requests to the upstream proxy server from any connected clients.

I'm ignoring the HTTPS part for the moment because that's a can of worms I'm not ready for yet.

I set up the DHCP and DNS and that all seems to work. I installed Squid and believe I have it set up correctly. The weird part is that it seems to be working, just EXTREMELY slowly for external websites, like wget was showing 500 B/s. Corporate LAN websites load quickly without issue and they are not bypassing the proxy.

I checked the CPU load in pfSense and it's not more than like 25% ever. I set the cache to null since I don't want to cache, only forward. I tried various combinations of the via and x-forward settings without any change in results.

I'm running pfSense 2.4.2, which I downloaded and installed yesterday.

Open to any help I can get.
