Author Topic: How to do this special NAT?  (Read 2798 times)

hshh
How to do this special NAT?
« on: August 18, 2006, 04:05:02 am »
I have 2 pfSense running, and they are using different WANs but the same LAN. Their LAN IPs are 192.168.1.1 and 192.168.1.2.

Because one WAN is unstable (LAN IP: 192.168.1.2), for the users who are using this pfSense the IM software always reconnects.

Now I want to make a rule for those users: the IM connections of all clients with gateway 192.168.1.2 get NATed to 192.168.1.1 and go outbound.
It is like this:

clients_A <----- MSN,other IM ---( LAN netif )---> 192.168.1.2 <----( LAN netif )-----> 192.168.1.1 <-----( WAN netif )-----> Internet
clients_A <----- all other traffic --( LAN netif )----> 192.168.1.2 <---( WAN netif )------> Internet
clients_B <----- all traffic ---( LAN netif )---> 192.168.1.1 <----( WAN netif )-----> Internet

Is it possible to make this rule? How to do it? Thanks.

hoba
Re: How to do this special NAT?
« Reply #1 on: August 18, 2006, 04:51:26 am »
Why are you running 2 pfSense for this setup? You rather want a multiwan/loadbalancing/policybasedrouting setup.

See http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing for how to set this up with a single pfSense.

hshh
Re: How to do this special NAT?
« Reply #2 on: August 18, 2006, 08:15:00 am »
Because it is two ADSL lines. And I can't use the modem for PPPoE.

hoba
Re: How to do this special NAT?
« Reply #3 on: August 18, 2006, 08:35:06 am »
Use a modemrouter with DMZ IP for the second WAN. I had a similar setup at our office for some weeks before we switched the second line to static IP. Worked great.

hshh
Re: How to do this special NAT?
« Reply #4 on: August 20, 2006, 11:40:43 am »
The modem sux forever while running in route mode. So I can't use a modemrouter. Sigh.
Can you help me with this special NAT?

Or is it possible to create custom pf rules and have them added automatically after each modification by the WebConfig? Then I could make a port redirect like a transparent proxy.

hoba
Re: How to do this special NAT?
« Reply #5 on: August 20, 2006, 06:26:12 pm »
I don't see the point with the sucking modem in router mode. Set the pfSense WAN IP behind it as DMZ IP (most modemrouters have this function). Then you can handle everything besides the PPPoE dial-in at the pfSense. Some modemrouters can even run in so-called halfbridge mode, where they only do the PPPoE and are still transparent.

hshh
Re: How to do this special NAT?
« Reply #6 on: August 20, 2006, 09:52:03 pm »
My modemrouter was crashing when there were more than 200 connections. But it works well with client PPPoE dial-up.