Netgate Discussion Forum

    Route/nat a specific subnet

      Solidus935

      Hi all,

      I am having a problem with routing traffic that is not a part of the pfSense LAN network. I have attached a diagram of the lab network.
      My goal for this lab is to forward traffic of the TMG internal LAN to the pfSense router, which will send it to the internet. However, the router keeps dropping the traffic. If I set the TMG server to NAT traffic coming from its internal network, this will work, but that's not what I want to accomplish.
      Please, can anyone assist me with this?

      Thanks
      lab.jpg

        Derelict LAYER 8 Netgate

        System->Routing

        Make a gateway for 192.168.1.2.
        Create a route for 10.0.1.0/24 with that gateway as the gateway and LAN as the interface.

        You'll need to be sure the firewall rules on LAN will pass traffic sourced from "LAN net" (192.168.1.0/24) and 10.0.1.0/24, probably destination any any if you don't have specific requirements.

        Then you'll need to switch to manual outbound NAT in Firewall->NAT. When you do that you will see two rules with source addresses from 192.168.1.0/24. Duplicate them for 10.0.1.0/24.

        You'll have to do whatever on the TMG to make it pass traffic. You also want all NAT turned off on the TMG. You want traffic from behind the TMG to hit pfSense LAN with a source address in 10.0.1.0/24.

        And you're done.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
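
The three settings in the answer above (static route, LAN pass rule, manual outbound NAT) are independent, and missing any one leaves the 10.0.1.0/24 traffic unserved. The sketch below is an added example, not part of the original posts and not pfSense code: it models those settings as a plain dictionary (the field names are hypothetical, not the pfSense config schema) and reports which one is missing for a constructed host, 10.0.1.50.

```python
import ipaddress as ip

def covers(networks, addr):
    """True if addr falls inside any of the listed CIDR networks."""
    return any(addr in ip.ip_network(n) for n in networks)

def check_source(cfg, src):
    """Apply the answer's three settings, in the order it lists them, to one
    source address arriving on LAN. Returns (verdict, detail)."""
    src = ip.ip_address(src)
    lan = ip.ip_network(cfg["lan_net"])

    # 1. System->Routing: a source outside "LAN net" needs a static route
    #    whose gateway is itself on LAN, or replies cannot be delivered.
    if src not in lan:
        routes = [r for r in cfg["static_routes"]
                  if src in ip.ip_network(r["network"])]
        if not routes:
            return ("no_route", f"no static route back to {src}")
        if not any(ip.ip_address(r["gateway"]) in lan for r in routes):
            return ("bad_gateway", "route gateway is not on the LAN subnet")

    # 2. LAN firewall rules: the source must match a pass rule.
    if not covers(cfg["lan_pass_sources"], src):
        return ("blocked", f"no LAN pass rule for source {src}")

    # 3. Manual outbound NAT: the source must match a WAN NAT rule.
    if not covers(cfg["outbound_nat_sources"], src):
        return ("not_translated", f"no outbound NAT rule for source {src}")

    return ("ok", f"{src} is routed, passed and translated")

# Constructed sample configs using the addresses from the thread.
BEFORE = {
    "lan_net": "192.168.1.0/24",
    "static_routes": [],
    "lan_pass_sources": ["192.168.1.0/24"],
    "outbound_nat_sources": ["192.168.1.0/24"],
}
AFTER = {
    "lan_net": "192.168.1.0/24",
    "static_routes": [{"network": "10.0.1.0/24", "gateway": "192.168.1.2"}],
    "lan_pass_sources": ["192.168.1.0/24", "10.0.1.0/24"],
    "outbound_nat_sources": ["192.168.1.0/24", "10.0.1.0/24"],
}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, check_source(cfg, "10.0.1.50"))
```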

          Solidus935

          Thanks much it's working great!!!!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.