
Author Topic: Routed public subnet  (Read 177 times)


Kev!n
Routed public subnet
« on: December 20, 2017, 04:33:29 am »
Hello,

My ISP gives me a public subnet which is routed to a CARP VIP. I want to use those public addresses with services via NAT.



So my ISP routes my public subnet 198.200.200.60/30 to the INT CARP VIP 192.168.30.2.

My goal is to NAT the web service from 192.168.60.100:80 to 198.200.200.62:80

Could you help me to understand how to do that?



Thanks


Kevin

viragomann
Re: Routed public subnet
« Reply #1 on: December 20, 2017, 06:34:29 am »
You have to add each single IP of the routed subnet to your WAN. Firewall > Virtual IPs
Type: IP Alias
Interface: your WAN CARP VIP
Enter the address and the correct mask.

After that you can set your port-forwarding rules using the virtual IPs.

You may also set up NAT 1:1 for the whole subnet within one single rule. This doesn't need the IP aliases.

Kev!n
Re: Routed public subnet
« Reply #2 on: December 20, 2017, 07:50:07 am »
Quote
Interface: your WAN CARP VIP

To be sure, this is 192.168.30.2?

I have a VPN server on the pfSense, which is listening on the CARP IP. Can I forward the traffic to it?


viragomann
Re: Routed public subnet
« Reply #3 on: December 20, 2017, 08:57:24 am »
Quote
Interface: your WAN CARP VIP

To be sure, this is 192.168.30.2?
Yes, you should be able to select the IP from the drop-down: '192.168.30.2 (WAN VIP)'

I have a VPN server on the pfSense, which is listening on the CARP IP. Can I forward the traffic to it?
??? The VPN server is already listening on the WAN CARP VIP. Where do you want to forward it to? You may set the server to listen on the LAN IP or on localhost and forward the traffic to it.

Kev!n
Re: Routed public subnet
« Reply #4 on: December 20, 2017, 09:19:20 am »
Quote
Yes, you should be able to select the IP from the drop-down: '192.168.30.2 (WAN VIP)'
So far this is working and it's great! I can NAT 198.200.200.62:443 to 192.168.60.100:80. \o/


Quote
??? The VPN server is already listening on the WAN CARP VIP. Where do you want to forward it to? You may set the server to listen on the LAN IP or on localhost and forward the traffic to it.
My VPN server is listening on '192.168.30.2 (WAN VIP)'. From the outside I want it to be accessible on 198.200.200.62:3232.
I created NAT 198.200.200.62:3232 to 192.168.30.2:3232 and firewall pass * * 192.168.30.2 3232 * both on TCP/UDP.
I can see matching rules on the syslog but nothing more.

viragomann
Re: Routed public subnet
« Reply #5 on: December 20, 2017, 10:08:06 am »
No, you cannot forward packets from one WAN VIP to another one. You can only forward it to any IP assigned to any other interface like LAN or localhost.

But that seems not to be what you want. Just select the virtual IP 198.200.200.62 in the VPN server settings in the Interface drop-down and it will listen on it. There's no forwarding needed for that.

Kev!n
Re: Routed public subnet
« Reply #6 on: December 20, 2017, 10:50:43 am »
:D Why am I complicating things, you're perfectly right.

It's now working. \o/

Thank you very much.

Kevin