pfSense: how to NAT and use LAN IPs to access services
Posted on 2012-03-16
I have a question that I'm not sure is possible. I have pfSense set up to where the WAN IP is an IP address on my main data network. The LAN IP on the second NIC is a 172.0.2.x IP. That network will be used as a staging and integration network that I would like to keep as separate as possible. So I installed pfSense. My issue is that I want to be able to block all ports except for the ones I want to go to the 172.x.x.x network. However, I would like to be able to use the 172.x.x.x network IPs to access ports for servers in that network. For example:
I might have 2 servers, let's say 18.104.22.168 and 22.214.171.124. One I want to SSH to, and the other I want to open a web port and access from my 192.168.x.x network. So I'll be on a machine with an IP of, let's say, 192.168.0.181, and I want to SSH using PuTTY to 126.96.36.199. Currently I have to use the IP of the WAN NIC and it will NAT port 22 to 188.8.131.52.
Is it possible to just use the 172.x.x.x IPs? I can add a route that will route all 172.x.x.x traffic to the WAN IP of the NIC on the pfSense machine.
The pfSense machine is on a VMware ESXi host with 2 NICs.