NAT to different interface than WAN
-
Hello,
My router looks like below:
WAN IP: x.x.x.102 (Public)
LAN1 IP: 192.168.0.1
LAN2 IP: 192.168.10.1
LAN3 IP: y.y.y.81 (Public)
Now NAT is configured to exit with IP x.x.x.102 on WAN interface.
Is it possible to configure it like this:
Leave LAN1 to use x.x.x.102 on WAN interface to NAT outside.
Reconfigure pfSense to NAT LAN2 through y.y.y.81 configured on LAN3 interface.
Network on LAN3 is different than the one configured as WAN.
When I configure a NAT outbound rule for 192.168.10.0/24 to use y.y.y.81 as the address in the Translation section, leaving WAN as the interface, the hosts from 192.168.10.0/24 are still visible on the internet as x.x.x.102.
When I change the interface to LAN3 in the NAT outbound rule it stops working at all.
Is it possible to configure it somehow?
BR
Pawel
-
@Pagi Does LAN3 have a gateway? The labeling confuses me a bit.
If LAN3 goes towards the Internet then the interface in the outbound NAT rule would be LAN3. It might be clearer to label it WAN2 though.
However per https://docs.netgate.com/pfsense/en/latest/multiwan/nat.html it should be automatic?
"The default NAT rules generated by pfSense software will translate any traffic leaving a WAN-type interface to the IP address of that interface. ... This is all handled automatically unless Manual Outbound NAT is enabled."
-
LAN3 is a LAN interface because this is a different public network /28 routed to my router to its WAN IP x.x.x.102. This network is y.y.y.80/28 where y.y.y.81 is the gateway for this network but from the LAN3 side. In my understanding this is a LAN network but with public IPs. It's not connected directly to the internet link. It's on the opposite side of the router, but is accessible from the internet as the second public IP of the router but on a different interface than WAN.
I hope that I explained it as clearly as I can :)
And the question is.. do I use the IP of this "inside" interface as NAT source to the internet for the 192.168.10.0/24 network which is connected to another LAN interface.
When I try to set it up as on the screen, none of the internet IPs are pingable. Rules for LAN2 and LAN3 allow any outgoing traffic.
Is there any chance to make it work?
Maybe this diagram explains more:
Best regards and sorry for my not very fluent English :)
Paweł
-
@Pagi Ah, I see. Public IPs used internally normally do not use NAT:
https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html#nat-configuration. The remote end connects to the public IP directly, and access is controlled by firewall rules on WAN.
-
@SteveITS said in NAT to different interface than WAN:
@Pagi Ah, I see. Public IPs used internally normally do not use NAT:
https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html#nat-configuration. The remote end connects to the public IP directly, and access is controlled by firewall rules on WAN.
Yes, I know this. Hosts from y.y.y.80/28 can directly reach the internet through routing (without NATing of course). I have no NAT outbound rules for the public network.
The case is to use the second public IP of the router from LAN3 interface to NAT through it hosts from LAN2 network (192.168.10.0/24).
Please see my diagram :)
I want a situation that:
192.168.0.0/24 is NATed through x.x.x.102
192.168.10.0/24 is NATed through y.y.y.81
y.y.y.80/28 is routed without NAT
I'm pretty sure that I did it a long time ago on Linux.
BR
Pawel
-
@Pagi Can .81 be split out into a /30 maybe? Then the remainder can be on LAN3.
-
@SteveITS I don't want to do this. I think that it is not a good option to lose public IPs for that purpose :/ Furthermore y.y.y.80/28 is already assigned and ~80% of the IPs are used.
So it's not possible to do NAT using "internal" public IP?