Hi mates,
how many times have you asked yourself: how can I Outbound NAT internal hosts with pfSense?
I had the need to create an Outbound NAT for a friend of mine.
The official documentation is quite clear, but I would like to add some screenshots to make it easier and, for this article, cover only one specific situation: mapping an internal IP to a fixed external public IP (e.g. for the mail system or other internal services that you want to be known by a different address).
Here you have the link
In my specific situation I needed to Source NAT/Outbound NAT an internal Squid Proxy.
So, point n.1: from the main menu select Firewall --> Virtual IPs
N.2: as shown below, you must type in the public IP address that you want to use/NAT for the internal machine. I assume that you want to use an IP that is different from the one used by your firewall (obviously you should have at your disposal at least a range of 4 IPs).
Note that the official documentation does not explain well the difference between IP Alias (used in my example), Proxy ARP, CARP and Other.
Here you have a better explanation:
After creating the Virtual IP we have to go to the NAT area: Firewall menu item --> NAT --> Outbound tab
In my specific situation I had the "Automatic outbound NAT rule Generation" activated by default, and since I had to deal with an OpenSSH VPN I could delete everything already present below in terms of rules.
I changed my configuration to "Hybrid Outbound NAT rule generation". In this way I preserved the existing rules and was able, in the meantime, to add my own ones.
At this point I clicked on the "+" sign to add a NAT rule and created it as shown below:
Remember to create a firewall rule to allow this machine (the LAN IP) to browse the internet.
The final NAT situation should be more or less this:
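To check the result outside the GUI, the following added example (not part of the original article and not pfSense's own code) parses saved `pfctl -s nat` output and reports which public address a given internal host leaves through, so you can see whether the manual rule really takes effect before the automatic ones. The interface name `em0`, all addresses, the table contents and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `pfctl -s nat` output in Hybrid mode: the manual rule
# for the proxy comes first, the automatic rules follow. Addresses are
# documentation ranges, not values from the article.
SAMPLE_NAT = """\
nat on em0 inet from 192.168.1.10 to any -> 203.0.113.10 port 1024:65535
nat on em0 inet from <tonatsubnets> to any port = isakmp -> 198.51.100.2 static-port
nat on em0 inet from <tonatsubnets> to any -> 198.51.100.2 port 1024:65535
"""
# Constructed table contents, as `pfctl -t tonatsubnets -T show` would list them.
SAMPLE_TABLES = {"tonatsubnets": ["127.0.0.0/8", "192.168.1.0/24"]}

# Only rules valid for any destination and port are considered; port-specific
# rules (such as the isakmp one) are skipped because they cover that port only.
RULE = re.compile(r"^nat on (\S+) (?:inet6? )?from (\S+) to any -> (\S+)")

def source_networks(src, tables):
    """Expand a rule's source field into a list of ip_network objects."""
    if src == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if src.startswith("<") and src.endswith(">"):
        return [ipaddress.ip_network(n) for n in tables.get(src[1:-1], [])]
    try:
        return [ipaddress.ip_network(src, strict=False)]
    except ValueError:
        return []  # source form this sketch does not understand

def egress_address(nat_output, host, interface, tables=None):
    """Return the translation address of the first NAT rule matching host, or None."""
    ip = ipaddress.ip_address(host)
    for line in nat_output.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(1) != interface:
            continue
        if any(ip in net for net in source_networks(m.group(2), tables or {})):
            return m.group(3)  # pf translation rules are first-match
    return None

def check_mapping(nat_output, host, interface, expected, tables=None):
    """True only if host leaves through the expected public address."""
    return egress_address(nat_output, host, interface, tables) == expected

if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.50"):
        print(host, "->", egress_address(SAMPLE_NAT, host, "em0", SAMPLE_TABLES))
```

If the host comes back with the firewall's own WAN address instead of the Virtual IP, the manual rule is missing, bound to another interface, or sits below a broader rule that matches first.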
No complications, no tricks, only the essential.
Hope this helps.
See you soon.