NAT and bridge?

Started by ximinez, October 12, 2015, 01:01:33 PM

I have an ISP that for some strange reason allows me 4 IPs via DHCP. I'd like to use one IP for a NAT fw for my LAN, and at the same time act as a transparent fw for my "exposed" servers, thus giving them non-private IPs. (Yet still behind a firewall)

Is this at all possible? Are there better alternatives for such a setup?

I think you want to use 1:1 NAT for your exposed hosts and also simply assign one for your WAN, too.

The lovely pfSense guys have a short description of 1:1 NAT available here: https://doc.pfsense.org/index.php/1:1_NAT

Note that you're not bridging: if you want your LAN to have one IP with NAT, it is really the WAN that has the IP and LAN is routed.

Ok, how would I set up the external interfaces so that I get four IPs then?

If they are true dynamic DHCP addresses (that maybe map to your MAC), your setup needs to be multi-staged. It's not possible with only one firewall.

If the entries are static, consider assigning them manually. That works well with NAT 1:1.