NAT – VPC EC2 NAT not working using pfSense

amazon-ec2; nat; pfsense; routing

I have my setup like this:

Internet -> pfSense -> private subnet server

pfSense and the private subnet server are inside a VPC with the following IPs. pfSense has an internet connection; it has an Elastic IP and a private IP, 10.0.0.20.

pfSense -> 10.0.0.0/24

private server -> 10.0.2.0/24

Both can ping each other, so routing between them is fine. I want to use pfSense as the NAT gateway for the private server, but how can I do it?
I have set up a Squid server, but Squid is limited, as I want to NAT all traffic from the private subnet 10.0.2.0/24 through the pfSense IP.

On the private server, I have the default gateway set to 10.0.2.1. The gateway should be the IP of pfSense, but when I change it, I lose all connectivity to the server (which is obvious).

Any way out of this?

(I don't want to use a NAT gateway, but want to use pfSense only, as I want security and want all VPC traffic going through one gateway.)

Best Answer

Make sure to disable the source/destination check for the instance acting as the NAT gateway. You can do this from the "Instance Actions" menu. There is a default security setting on EC2 instances to prevent IP/MAC spoofing.