NAT/NONAT Configuration with VYOS and PFSENSE

Hi All,

I hope I can get some direction with regard to this configuration, which is not so unique but is causing me some headaches.

Design:

I’m using VYOS as a router in front of a PFSense firewall.

VYOS Router has 2 Interfaces:

eth0: WAN (Public IP Address)
Primary: 98.14.18.110/32
Secondary: 98.149.128.10/29

eth1: Internal (Internal Address - /30)
IP: 10.30.2.1/30

Pfsense FW has 2 Interfaces:
eth0: WAN (Public)
IP: 10.30.2.2/30

eth1: Internal (PCs/Servers)
IP: 10.80.0.0/23

What I want to do is configure 1-1 NATs for Servers that are behind the PfSense FW. So, for example…

I want to be able to give a “Web server” with an internal IP address of 10.80.1.20 a 1-1 NAT address of 98.149.128.11, for example.

I’ve looked at Port Forwarding and read extensively about it but nothing works.

Any assistance with this will be super helpful.

Thank you

Hi,

We use a similar design. NAT is configured on VYOS with a nat source and a nat destination.

set nat destination rule 1 destination address '98.149.128.11'
set nat destination rule 1 inbound-interface 'eth2'
set nat destination rule 1 protocol 'all'
set nat destination rule 1 translation address '10.80.1.20'

set nat source rule 1 outbound-interface 'eth2'
set nat source rule 1 protocol 'all'
set nat source rule 1 source address '10.80.1.20'
set nat source rule 1 translation address '98.149.128.11'

Pay attention to the firewall. Rules will be applied on the internal IP due to the position of NAT in front of the firewall.

Best regards
Pierre
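
The rule pair from the reply, mapped onto the addressing in the question, as an added example that is not part of either post: it checks a 1-1 pair against the /29 and /23 from the thread, emits the `set nat` commands in the reply's syntax, and shows which destination address the firewall behind the router has to match. The function names are hypothetical, and `eth0` as the WAN interface is an assumption taken from the question (the reply's own router uses `eth2`).

```python
import ipaddress

# Values from the thread. WAN_IF is an assumption: the question names eth0 as
# the VyOS WAN interface, while the reply's own router uses eth2.
WAN_IF = "eth0"
PUBLIC_NET = ipaddress.ip_interface("98.149.128.10/29").network
ROUTER_IPS = {ipaddress.ip_address("98.14.18.110"), ipaddress.ip_address("98.149.128.10")}
INTERNAL_NET = ipaddress.ip_network("10.80.0.0/23")


def check_pair(public_ip, internal_ip):
    """Validate one 1:1 mapping against the addressing plan in the thread."""
    pub, inside = ipaddress.ip_address(public_ip), ipaddress.ip_address(internal_ip)
    if pub not in PUBLIC_NET or pub in ROUTER_IPS:
        raise ValueError(f"{pub} is not a free address in {PUBLIC_NET}")
    if pub in (PUBLIC_NET.network_address, PUBLIC_NET.broadcast_address):
        raise ValueError(f"{pub} is the network or broadcast address")
    if inside not in INTERNAL_NET:
        raise ValueError(f"{inside} is not inside {INTERNAL_NET}")
    return pub, inside


def vyos_one_to_one(rule, public_ip, internal_ip, wan_if=WAN_IF):
    """Emit the destination/source rule pair in the syntax used in the reply."""
    pub, inside = check_pair(public_ip, internal_ip)
    return [
        f"set nat destination rule {rule} destination address '{pub}'",
        f"set nat destination rule {rule} inbound-interface '{wan_if}'",
        f"set nat destination rule {rule} protocol 'all'",
        f"set nat destination rule {rule} translation address '{inside}'",
        f"set nat source rule {rule} outbound-interface '{wan_if}'",
        f"set nat source rule {rule} protocol 'all'",
        f"set nat source rule {rule} source address '{inside}'",
        f"set nat source rule {rule} translation address '{pub}'",
    ]


def seen_by_pfsense(dst_ip, mappings):
    """Destination address on a packet after VyOS DNAT, i.e. what the
    firewall behind the router has to match in its WAN rules."""
    table = dict(check_pair(p, i) for p, i in mappings)
    dst = ipaddress.ip_address(dst_ip)
    return str(table.get(dst, dst))


if __name__ == "__main__":
    pairs = [("98.149.128.11", "10.80.1.20")]
    print("\n".join(vyos_one_to_one(1, *pairs[0])))
    print("pfSense rule must match destination:", seen_by_pfsense("98.149.128.11", pairs))
```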