I am attempting to set up pfSense as a NAT box for internal servers on a VPC.

I have followed the guides posted for configuring access and have followed the AWS instructions for setting up and configuring a NAT instance but seem to still be missing something.

Here is a diagram to help convey what I'm trying to do:

[Image: network diagram]

I think where I'm getting stuck is access to the second interface because I can ping the WAN interface but can't ping the secondary NIC I created. Both of the interfaces live in the "public" VPC subnet.

I'm not sure what to look at to get unstuck.

On the pfSense box I have the following outbound NAT rule:

[Image: pfSense outbound NAT rule]

The alias contains the subnet that I am attempting to NAT.

Maybe there is a way to configure the WAN interface to be the interface to NAT through and just not even bother with a secondary NIC? Let me know what other details are needed and I will update.

jmreicha
  • From where are you trying to ping the internal interface? – EEAA Dec 27 '14 at 17:18
  • @EEAA I was attempting to ping from one of the servers I have in the "private subnet". I had to create a rule to allow LAN traffic in pfSense. Still sorting out how to get the NAT working but ping works now at least. – jmreicha Dec 27 '14 at 17:29
  • Have you added outbound NAT rules for all of your VPC subnets? – EEAA Dec 27 '14 at 17:30
  • @EEAA You are talking on pfSense, right? I have a catch all NAT rule right now, I will add a picture to the original post. – jmreicha Dec 27 '14 at 17:42
  • @EEAA got it sorted. I needed to add a LAN rule for web traffic. – jmreicha Dec 27 '14 at 18:44
  • You must deactivate Source/Destination check on interface eth1. rega – Jan 28 '15 at 09:07

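The source/destination check named in the last comment, together with the private subnet's default route that the AWS NAT instance setup depends on, can be verified from AWS CLI output. This is an added example, not part of the original thread; the JSON is constructed, every ID is a placeholder, and it assumes the private subnet is explicitly associated with its route table.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-network-interfaces`
# and `aws ec2 describe-route-tables` output; every ID is a placeholder.
ENIS = json.loads("""{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-wan00000", "SourceDestCheck": true,
  "Attachment": {"InstanceId": "i-pfsense0", "DeviceIndex": 0}},
 {"NetworkInterfaceId": "eni-lan00000", "SourceDestCheck": true,
  "Attachment": {"InstanceId": "i-pfsense0", "DeviceIndex": 1}}]}""")
ROUTES = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-private0",
  "Associations": [{"SubnetId": "subnet-private0"}],
  "Routes": [
   {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
   {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-lan00000",
    "State": "active"}]}]}""")


def audit_nat_path(enis, route_tables, private_subnet):
    """Return findings that stop the private subnet's traffic being forwarded."""
    default = None
    for table in route_tables["RouteTables"]:
        if any(a.get("SubnetId") == private_subnet for a in table.get("Associations", [])):
            for route in table["Routes"]:
                if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                    default = route
    if default is None:
        return [f"{private_subnet}: no default route"]
    if default.get("State") != "active":
        return [f"{private_subnet}: default route is {default.get('State')}"]
    eni_id = default.get("NetworkInterfaceId")
    by_id = {e["NetworkInterfaceId"]: e for e in enis["NetworkInterfaces"]}
    if eni_id not in by_id:
        return [f"{private_subnet}: default route does not target a listed interface"]
    eni = by_id[eni_id]
    idx = eni.get("Attachment", {}).get("DeviceIndex")
    findings = []
    # EC2 drops packets an interface is neither the source nor the destination of
    # unless SourceDestCheck is disabled on that interface.
    if eni.get("SourceDestCheck", True):
        findings.append(f"{eni_id} (device index {idx}): SourceDestCheck enabled")
    return findings


print(audit_nat_path(ENIS, ROUTES, "subnet-private0"))
```

A finding on the LAN-side interface is cleared with `aws ec2 modify-network-interface-attribute --network-interface-id <eni-id> --no-source-dest-check`.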