Ispconfig and NAT 1:1

Discussion in 'Installation/Configuration' started by mmidgett, Nov 10, 2011.

  1. mmidgett

    mmidgett Member

    I have been trying for a few days to move my servers behind a pfsense firewall using virtual IPs and 1:1 NAT to the servers. Can anyone tell me whether this will work? I have been having trouble, and since it's a production server I only have 15 min per day of downtime if I'd like to keep my quoted uptime.

    During my testing I was able to get FTP, SSH, SMTP to work with the correct ports opened up but was unable to get the websites to show. Is this due to name-based virtual hosting? From what I understand about the 1:1 NAT is from the outside you request a website from | --> then it moves it to Server answers and sends back and firewall send back as But I am wondering if something is being lost in the transaction?

    Also, my DNS servers were acting up; I am running MyDNS with MySQL. With the virtual IPs forwarded to the internal IP with the 1:1 NAT, the server should be on the outside, and with no firewall rule breaking it, it should deliver answers to DNS queries, right?
  2. mmidgett

    mmidgett Member

    I think that I may have found my problem. I changed the server address by command line as it is a headless VM. I then issued a networking restart, at which point it kicks me off SSH. I then can log back into the server using the new private IPs. Then I continued to set up the firewall and forward everything like it was supposed to. The problem is that I am using MyDNS and it needed a restart after the IP and DNS servers were changed. I didn't do that and ended up setting the servers back on the public internet without my new firewall. At this point everything was still broken and I couldn't get anything to resolve. I figured that I messed the DNS up and I'd wait 24 hours to see if it fixed itself. However, it didn't, so I knew something was still wrong, so I logged in by the IP and restarted the MyDNS server. At which point everything started working again.

    This weekend I'm going to turn the firewall back on and change back to running 1:1 NAT and see if I can make it work again. I am using pfsense 2.0 as the firewall. It is a little complicated to set up for someone that is not used to it. However, I am happy with the product and will continue to learn. What started this whole adventure was to limit bandwidth to certain IPs or ports in general.

    Till and Falko, I thank you for this site and your willingness to help others.
