pfSense Gold Subscription

Author Topic: How should i NAT this?  (Read 1509 times)

0 Members and 1 Guest are viewing this topic.

Offline barcode

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
How should i NAT this?
« on: June 18, 2006, 01:21:15 pm »
Hello!

I built my Cisco Lab at home and am connected through my pfsense to the internet.

I use for the LAN Range some 192.168.1.0/24 Subnet, where also my Lab has a leg in...

My Lab has a static default-route to the pfsense. The default-route is redistributed within the Lab.

The farest Router away from the pfsense has a Laptop connected, he resides in Subnet 100.0.0.0/30

If i make a ping to the 2 PC's that share the 192.168.1.0/24 Subnet - it works, also traceroute to public
addresses end on the pfsense itself - then i have timeouts.

The 100.0.0.0/30 and special Lab-Subnets have static entries at the pfsense directing to the LAN interface,
so the way back for traffic is managed so far from the LAN Subnet.

I am now not shure why i can not access the internet from my Laptop, as he is able to reach the pfsense by ping.
if i trace to public addresses, it stucks - the last time exceeded i recieve is from the pfsense. then * * *
Of course i have created a LAN Rule that permits the Subnet 100.0.0.0/30 to any...

Do i have to make some 1:1 NAT, Outbound with Virtual Address? I guess that this 100.0.0.1 must be natted
to some 192.168.1.X Address within the LAN Subnet? If i cannot manage this on the pfsense i will try then
to NAT on the Cisco Router then... But anyone perhapps has advice how to make this more sexy? ;-)

Cheers


Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +3/-0
    • View Profile
    • pfSense
Re: How should i NAT this?
« Reply #1 on: June 18, 2006, 01:50:01 pm »
Turn on advanced outbound nat and then add the new subnet to the list just like the LAN entry shows.

Offline barcode

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: How should i NAT this?
« Reply #2 on: June 18, 2006, 02:13:30 pm »
 ;D yes, that does the trick!! thaaanx...