Case: Solving problem with NAT
We must give access from Internet to this server and need to move it on a DMZ.
We physically move the server and give him a new IP address from the DMZ subnet.
And for solve the ‘hard coded’ IP on all our PC software, we ‘simulate’ its presence with NAT.
- Type : Proxy ARP (for pfSense response to ARP request to this IP)
- Interface : LAN (It’s the interface where is the virtual server)
- IP address : 192.168.1.10 (It the virtual IP of this server)
- Interface : LAN (It’s the interface where your PC came from)
- External address : Select the previously created Virtual IP « 192.168.1.10 »
- Protocol : TCP
- External port range : HTTP (it’s the port used by PC for acces to the web server)
- NAT IP : 192.168.2.10 (it’s the real IP address of the server in the DMZ)
- Local port : HTTP (it’s the real TCP port where the web server)
- Uncheck: Auto-add a firewall rules to permit traffic through this NAT rule (because, by default, all traffic is authorized from LAN interface to DMZ)