
Author Topic: Firewall NAT / Outbound  (Read 2630 times)


Offline bkrc

Firewall NAT / Outbound
« on: December 16, 2011, 01:12:15 pm »
Hello,
My servers IP address as attempts to exit from the inside out, "WAN Static IP configuration" at the "IP address" that I wrote in the Metro Ethernet IP address appears.
So I'm assigned to servers, "Virtual IP" address does not appear to whois queries.
"Firewall - NAT - Outbound" tab of the adjustments I struggled with but the results did not get a pretty ...

While I understand from the inside out in a separate NAT for the LAN must make adjustments ..
I would like help from friends about the experience with this issue ..

Thank you ...

Offline trunglam

Re: Firewall NAT / Outbound
« Reply #1 on: December 19, 2011, 10:05:04 am »
I don't think Virtual IP is good for this situation; you must assign them to a specific interface.

Offline podilarius

Re: Firewall NAT / Outbound
« Reply #2 on: December 19, 2011, 10:18:53 am »
VIP is not a bad idea; you must use 1:1 or a combination of port forward and manual outbound NAT if you want something other than the WAN address. Please also note that manual outbound rules are first matching, so if you have your VIP listed below your auto-created rules (the one for WAN) then you will always get your WAN address for the outgoing IP.

If I am understanding your problem correctly.

Offline bkrc

Re: Firewall NAT / Outbound
« Reply #3 on: December 22, 2011, 01:01:05 pm »
Hello,
While users have given out the ip address I want to do with the output..
I want to create a rule for servers in the same way.
Wan seems a static ip address, I could not make out with the Virtual IP address..

Configuration as in the picture

Offline podilarius

Re: Firewall NAT / Outbound
« Reply #4 on: December 27, 2011, 11:34:36 am »
Okay, your first mistake is that your /24 is above your /32 entries. NAT, like firewall rules (aside from floating), is first matching. So if 172.16.100.2 tries to go out, it is going to match the first rule and go out as your WAN IP and not the second entry you have set up. You will need to move your /24 to the bottom of the list.
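
Added example, not part of the original thread: a small Python model of the first-match ordering described in Reply #4, plus a check that flags rules shadowed by an earlier, broader source network. The rule lists are constructed (the poster's screenshot is not available), "WAN address" and "VIP" are placeholder translation labels, and matching on source address alone is a simplifying assumption.

```python
import ipaddress

# Constructed rule sets: (source network, translation), in list order.
# Real outbound NAT rules also match interface, destination and port;
# only the source is modelled here (assumption).
BROKEN_ORDER = [
    ("172.16.100.0/24", "WAN address"),  # broad rule listed first
    ("172.16.100.2/32", "VIP"),          # never reached
]
FIXED_ORDER = [
    ("172.16.100.2/32", "VIP"),          # specific rule first
    ("172.16.100.0/24", "WAN address"),  # catch-all moved to the bottom
]


def translate(rules, src_ip):
    """Return the translation of the first rule whose source contains src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for source, translation in rules:
        if addr in ipaddress.ip_network(source):
            return translation
    return None  # no rule matched, so the traffic is not translated


def shadowed_rules(rules):
    """Return (index, source, earlier_source) for every rule that can never
    match because an earlier rule's source network fully covers it."""
    findings = []
    for i, (source, _) in enumerate(rules):
        net = ipaddress.ip_network(source)
        for earlier, _ in rules[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier)):
                findings.append((i, source, earlier))
                break
    return findings


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_ORDER), ("fixed", FIXED_ORDER)):
        print(name, "172.16.100.2 ->", translate(rules, "172.16.100.2"),
              "| shadowed:", shadowed_rules(rules))
```
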

Offline bkrc

Re: Firewall NAT / Outbound
« Reply #5 on: February 28, 2012, 12:47:00 am »
Hi,
I examine the subject, and others live, but the problem you mentioned is not related to them ..
Metro IP block to assign only one of them described to my users and he'd like to make out the Internet via IP address.
The system installed on the proxy server.

Structure, such as I have mentioned;

Virtual (Real) IP   LAN
10.0.0.1            172.16.100.1 (Web, Mail Server)
10.0.0.2            172.16.100.11 - 172.16.100.254 (Internal Users)

Web to my WAN IP address 10.0.0.1 from the outside: 172.16.100.1 Port: There is no shortage now working to make 80 1 to 1 Nat.

However, the exact opposite of this situation 172.16.100.11 to 254 with the internal network ip address 10.0.0.2 I want to walk out of my users.

As far as researched by the forum;

"I have pretty much the same scenario here and it works as it should...

At- System/Advanced/Firewall Nat/   make sure that "Disable reply-to" is not checked...

I do not have outbound nat "static port" selected. "

Checked picked the appropriate tab,
Firewall: NAT: Outbound tab of the Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) NAT addresses by checking the Source Address is 10.0.0.2 as the IP address of the internal user, though it would define a WAN Static IP in the system configuration WAN IP address with the IP Address tab I wrote is output. Whois lookups do not change the IP address ... It might be a proxy? There is one point I am missing, but could not find yet ...

I would like to help with nat settings from..  Address all the problems appear gateway ip address is still. I can not make full sense of the output with the external IP address mentioned.

Thank you..


Offline podilarius

Re: Firewall NAT / Outbound
« Reply #6 on: February 28, 2012, 07:40:12 am »
Could you re-paste the current setup? The issue I saw doesn't seem to be addressed. Also turning off static ports is going to be a must on the NAT for 11-254.

Offline bkrc

Re: Firewall NAT / Outbound
« Reply #7 on: February 29, 2012, 11:50:47 am »
Hello,
The current settings are as pictured.

Thank you.

Offline podilarius

Re: Firewall NAT / Outbound
« Reply #8 on: March 08, 2012, 10:31:31 pm »
Your rules appear to be correct. Are you using 1:1 NAT as well, or just port forward?