
[solved] Outbound NAT with WAN DHCP IP Address


I have an SG-1000 arriving tomorrow and I decided to take a look at the pfSense settings ahead of time to see what needed to be set in order to get this to work, but I realized I'm not quite sure of the correct settings.

I have an embedded server with a static IP address and no gateway. I would like to make this server accessible to the larger corporate network. This server does not need any other access to the larger corporate network or the internet.

I would like to have requests from clients on the corporate network (FTP and HTTP specifically) on the "WAN" IP routed to the server and allow its responses to be returned to the client. I do not want to use a virtual IP as IT policies do not allow more than one MAC or IP (actually not sure which one) on a single switch port. Is it possible to set the 1:1 NAT rule to just use whatever was provided to the WAN interface via DHCP?

I also will occasionally connect another device on the LAN side of the SG-1000 to manage pfSense, but I don't think this matters. (correct me if I'm wrong).

I attached a diagram.

I'm open to any and all suggestions that will achieve what I'm looking for, but I believe 1:1 NAT is the right way to do this.

Help very much appreciated. Thanks.

If your server has no gateway - how is it going to go anywhere? You would have to source nat all traffic from pfsense wan to the server IP so server thinks it's coming from

Why do you need 1:1 nat? Just port forward whatever traffic you want to send to this server and have the server answer.. If you set the server's gateway to you wouldn't have to source nat the traffic.

To the corp lan there will only be 1 device on the network IP and mac which would be pfsense Wan IP and mac address.

Have you OK'd this with the corp networking/security team?

Thanks for the quick reply.

The server has no gateway because it is expected to only communicate with clients "on-link" i.e. It is an embedded device that simply can't be changed.

I thought I needed 1:1 NAT for the exact question you raise, "You would have to source nat all traffic from pfsense wan to the server IP so server thinks its coming from". If I am mistaken, can you offer a little more guidance?

And to your last question *sigh*, I spoke to 3 IT people on the phone, more emails, more calls, more voicemails. Ended up with the networking manager who said (paraphrasing) "we don't have a solution for what you need to do. you're on your own, do what you need to do and come back to us with your solution." I appreciate you asking though, as it is a fair question.

So you would just source nat.. On your outbound nat tab and select lan and use pfsense lan as the interface and dest IP address of your server.. Now all inbound traffic to your device that you create a port forward on will look to that device like it came from pfsense address.
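As an added illustration (not part of the original thread, and not rules taken from any poster's pfSense box), the port forward plus source NAT described in the reply above can be written in the pf.conf syntax of pf, the packet filter pfSense is built on. The interface names and the server address are assumed placeholders.

```pf
# Added example: assumed placeholder values, not from the thread.
wan_if = "em0"            # WAN, address assigned by corporate DHCP
lan_if = "em1"            # LAN, same subnet as the embedded server
server = "192.168.1.10"   # embedded server: static IP, no gateway

# Source NAT on the LAN side: traffic leaving lan_if toward the server
# gets its source rewritten to the firewall's LAN address, so the
# server sees an on-link peer and can reply without a gateway.
nat on $lan_if inet proto tcp from any to $server port { 21, 80 } -> ($lan_if)

# Port forward on the WAN side. ($wan_if) in parentheses tracks
# whatever address DHCP currently assigns, so no virtual IP or
# hard-coded WAN address is needed.
rdr on $wan_if inet proto tcp from any to ($wan_if) port { 21, 80 } -> $server

# Filter rules see the destination after rdr, so they match the
# server address. Only the forwarded services are allowed in.
pass in  on $wan_if inet proto tcp from any to $server port { 21, 80 }
pass out on $lan_if inet proto tcp from any to $server port { 21, 80 }

# Port 21 is only the FTP control connection; FTP data connections
# use additional ports that these rules do not cover.
```

Because every forwarded connection arrives from the firewall's LAN address, the server's own logs will not show the real client IP; the firewall's state table and logs are the place to look for it.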

I think I understand. Just to be explicit, the rule as configured in the attachment is what you mean, right?

Thanks for the help.

