I've tried six ways from Sunday to make this work and I'm sure I'm missing something obvious. Here's the scenario:
en0 and en1 are bridged to provide transparent filtering of traffic. They are using a public IP address. [Name of the interface is "Public" br0] All internal addresses are also Public IP's (which, I know will likely start an entire unrelated debate about best practices and so forth). I've configured en7 with private addresses (10.20.2.1) and plugged this into our VoIP phone switch which is a physically separate network. I want to talk to the VoIP controller (10.20.2.100) from inside the network on a public address. I've added a public IP address as an additional address on en7. I can ping it (the public address) from the internal network. I've set up a DNAT rule:
Traffice Source: Public (Network)
Traffic Service: HTTPS
Traffic Destination: VoIP Controller (Public address on en7)
Destination: VoIP Controller (Private address 10.20.2.100)
Service: HTTPS
This no worky. [:(]
I've read that I can leave "Service:" blank since I'm not translating the service port. I've heard suggestion that I should do Full NAT instead of DNAT. Not sure what to put for "Source:" when I do that; I've tried both the public and private address for the VoIP controller as source and it didn't work. A lot of what I've been reading suggests I have to do Full NAT in order for HTTPS to be successful anyway, but I'm sure I'm missing something and there's not a lot of documentation on doing this. I'm looking for someone to point me in the right direction. Thanks!
This thread was automatically locked due to age.
