Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NATting to a virtual LAN IP

    Scheduled Pinned Locked Moved NAT
    19 Posts 5 Posters 5.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Metu69salemi
      last edited by

      Looks like your inbound rules are ok, can please view us information of outbound rules, meaning path: (Firewall: NAT: Outbound)

      1 Reply Last reply Reply Quote 0
      • maxxerM
        maxxer
        last edited by

        sorry for the late reply. Here's the outbound rules page.
        https://dl.dropboxusercontent.com/u/706934/Outbound.pngs
        thanks again

        1 Reply Last reply Reply Quote 0
        • M
          Metu69salemi
          last edited by

          @maxxer:

          sorry for the late reply. Here's the outbound rules page.
          https://dl.dropboxusercontent.com/u/706934/Outbound.pngs
          thanks again

          Atm dropbox views me a 404..

          1 Reply Last reply Reply Quote 0
          • K
            kejianshi
            last edited by

            Try this one.

            https://dl.dropboxusercontent.com/u/706934/Outbound.png

            I'm unaware of a .pngs filetype  ::)

            1 Reply Last reply Reply Quote 0
            • M
              Metu69salemi
              last edited by

              Have you tried to edit that virtual ip with saving it in other type of virtual ip and change it back?`

              1 Reply Last reply Reply Quote 0
              • K
                kathampy
                last edited by

                If you also have an Internet gateway on WAN, you'll only need NAT rules for accessing the Internet from LAN and LAN Virtual (looks like a double NAT given your WAN subnet), not for accessing LAN Virtual (192.168.2.0/24) from WAN (192.168.1.0/24).

                If you are trying to directly access a LAN Virtual (192.168.2.0/24) host address from a WAN (192.168.1.0/24) client it's not going to work unless:

                a) The WAN clients are using pfSense's WAN address as their default gateway.
                Or
                b) Whatever device is the WAN clients' default gateway has a static route to 192.168.2.0/24 via pfSense's WAN address.
                Or
                c) You have enabled RIP broadcasting on pfSense's WAN interface and whatever device is the WAN client's default gateway has at least inbound RIP enabled on the interface connected to pfSense.
                Or
                d) The WAN clients have a static route to 192.168.2.0/24 via pfSense's WAN address. You can configure this via DHCP option 121. Note that when specifying option 121 you must also include the regular default gateway for 0.0.0.0 along with other static routes.

                Another thing to remember is that the WAN clients' subnet must be /24 or lower or they will only look for 192.168.2.x addresses on the local switch.

                1 Reply Last reply Reply Quote 0
                • panzP
                  panz
                  last edited by

                  Stupid question: is all forwarding going to pass if "block RFC1918" on WAN is active?

                  pfSense 2.3.2-RELEASE-p1 (amd64)
                  motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ NIC: Intel EXPI9301CTBLK (LAN) ~ NIC: D-Link DFE-528TX (CAM) ~ Hard Disk: Western Digital WD10JFCX Red ~ Case: Cooler Master HAF XB ~ power consumption: 21 Watts.

                  1 Reply Last reply Reply Quote 0
                  • K
                    kathampy
                    last edited by

                    Not if the block rule is above the NAT rule.

                    1 Reply Last reply Reply Quote 0
                    • panzP
                      panz
                      last edited by

                      @KurianOfBorg:

                      Not if the block rule is above the NAT rule.

                      So, maxxer has to put his WAN allow rules before RFC1918 blocking rule?

                      pfSense 2.3.2-RELEASE-p1 (amd64)
                      motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ NIC: Intel EXPI9301CTBLK (LAN) ~ NIC: D-Link DFE-528TX (CAM) ~ Hard Disk: Western Digital WD10JFCX Red ~ Case: Cooler Master HAF XB ~ power consumption: 21 Watts.

                      1 Reply Last reply Reply Quote 0
                      • K
                        kathampy
                        last edited by

                        IF your WAN subnet is private you shouldn't have the block rule.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.