Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help configuation

    Scheduled Pinned Locked Moved
    NAT
    2
    4
    748
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bmcneil
      last edited by

      Does anyone have an example configuration for NAT

      I have a 4100 connected to two ISP via WAN 1 & 2 , how is the failover configured with NAT enabled. there are two ISP subnets.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @bmcneil
        last edited by

        @bmcneil
        Which NAT direction are you talking about? Inbound / port forwarding or outbound?

        Basically with multiple WAN, you need NAT on both interfaces and both work absolutely independently.

        1 Reply Last reply Reply Quote 0
        • B
          bmcneil
          last edited by

          Hello

          Inbound/ outbound internal office users need to be able to access the internet.
          I configured DHCP, and have not how to perform the failover with NAT.
          I will then need to configure VPN access for remote workers.
          Could you provide a clear configuration document for these task. I am being consumed by so much information on the document site.

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @bmcneil
            last edited by

            @bmcneil
            There is nothing special with multi WAN, except the failover group.

            When your WAN are configured as DHCP client, the gateways are set automatically. Otherwise with static IP state the gateway in the interface settings.

            For the failover group go to System > Routing > Gateway Groups and create a new group wherein you set the preferred gateway as Tier 1 and the second as Tier 2.The trigger level "member down" should fit your needs. State a name for the group and save the settings.
            Then go to the gateways tab and set the failover group as default gateway and save this.

            The proper outbound NAT rule should be added automatically by pfSense for both WANs, if the NAT is in automatic mode.
            With this settings you should already have internet access from inside your network over both WANs.

            For accessing your pfSense from the internet in case of a failover you have to switch the WAN IP on the client side. For instance you can use DynDNS which can be updated with the actual working WAN IP by pfSense.

            A VPN client like OpenVPN is also capable to switch the server IP itself if one is not responding. So you can also use static IP or host names here.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.