OPNsense Forum

English Forums => General Discussion => Topic started by: ximinez on October 12, 2015, 01:01:33 pm

Title: NAT and bridge?
Post by: ximinez on October 12, 2015, 01:01:33 pm
I have an ISP that for some strange reason allows me 4 IPs via DHCP. I'd like to use one IP for a NAT fw for my LAN, and at the same time act as a transparent fw for my "exposed" servers, thus giving them non-private IPs (yet still behind a firewall).

Is this at all possible? Are there better alternatives for such a setup?
Title: Re: NAT and bridge?
Post by: franco on October 13, 2015, 07:26:10 am
I think you want to use 1:1 NAT for your exposed hosts and also simply assign one for your WAN, too.

The lovely pfSense guys have a short description of 1:1 NAT available here: https://doc.pfsense.org/index.php/1:1_NAT
Title: Re: NAT and bridge?
Post by: franco on October 13, 2015, 07:27:01 am
Note that you're not bridging. If you want your LAN to have one IP with NAT, it is really the WAN that has the IP and LAN is routed.
Title: Re: NAT and bridge?
Post by: ximinez on October 16, 2015, 09:30:53 am
Ok, how would I set up the external interfaces so that I get four IPs then?
Title: Re: NAT and bridge?
Post by: franco on October 17, 2015, 09:02:18 am
If they are true dynamic DHCP addresses (that maybe map to your MAC) your setup needs to be multi-staged. It's not possible with only one firewall.

If the entries are static, consider assigning them manually. That works well with NAT 1:1.