-
Be the first to like this
Upcoming SlideShare
Network Address Translation - pfSense Hangout July 2014
- 1. July 2014 Hang Out Network Address Translation Chris Buechler
- 2. Project News ● First training complete ● Next coming up ○ September 5-6 ○ In-person, in Austin, Texas ○ https://www.pfsense.org/university/ ● 2.1.5 release coming soon ● FW-7551 now available @ store.pfsense.org ● Free Gold subscription with support-bundled hardware purchase in August
- 3. Network Address Translation ● Modification of IP packet header ● Replacement of: ○ source and/or destination IP ○ source and/or destination port for TCP and UDP ● Common uses ○ Internet access ○ Connection of conflicting networks ○ Working around routing issues ● Not a security mechanism
- 4. Network Address Translation TCP and UDP
- 5. Network Address Translation LAN - Pre-NAT WAN - Post-NAT
- 6. Outbound NAT ● Translation of: ○ Source IP ○ Source port ● Automatic outbound ○ NAT internal subnets out WAN IP ● Manual outbound ○ Fully user-configured ● Outbound NAT rule configuration ● Static port ● Pool options
- 7. 2.2 Outbound NAT ● Automatic ● Manual ● Hybrid ○ User-configured then automatic ● Disable
- 8. Outbound NAT - Internet
- 9. Outbound NAT - Return routing
- 10. 1:1 NAT ● Mapping of one internal to one external IP ○ inbound and outbound ● Also for entire subnets ○ where equal size and sequential IPs ● Per-interface basis ● Optionally limited to specific destinations
- 11. 1:1 NAT Example
- 12. Port Forward ● Rewriting of: ○ Destination IP ○ Destination port
- 13. Port Forward - Examples ● WAN1 and WAN2 ○ External port 80 to server1 port 80 ○ External port 2222 to server1 port 22
- 14. NAT Reflection ● Access internal services by external IP
- 15. NAT Reflection ● Disabled by default ● Modes ○ Pure NAT - preferred ○ NAT + Proxy ● Per-rule control ● Split DNS is alternative
- 16. VPN NAT
- 17. VPN NAT
- 18. Port Forwards - Traffic Redirection
- 19. Questions? Feedback, comments, suggestions welcome to gold@pfsense.org
Login to see the comments