Netgate Discussion Forum
    Problem with NAT on a different subnet

    edoosan

      Hello everyone,

      My pfSense has a public IP on the WAN; its IP on the LAN is 192.168.1.253.
      It has 12 static routes configured (working), reached through another router with LAN IP 192.168.1.254 (not run by me).
      I should NAT port 81 of my public IP to a server that resides in one of the 12 subnets.

      I have configured the Port Forward in the following way:

      WAN interface
      any source
      Destination IP WAN
      Destination port 81
      Redirect target IP 192.168.10.230
      Redirect target port 81

      The NAT configured this way does not work until I enable Manual Outbound NAT and create an SNAT rule like this:

      LAN interface
      any source
      destination 192.168.10.230
      destination port 81
      translation interface address

      This way I can reach the server on port 81 from the outside, but the internal routing between subnets is not working.
      Can someone help me understand?

      thanks

      phil.davis

        Your pfSense has a public WAN.
        I guess that the other router at LAN IP 192.168.1.254 also has some other public internet interface - i.e. it does not use your LAN and pfSense to transit traffic to the internet.
        If that is true, then when you do a normal port forward to a server behind that router, the incoming traffic reaches the destination, but the replies from the server go back out to the internet via the other path. pfSense does not see traffic flowing back, so the state is "unbalanced" and soon times out and thus the client out on the public internet stops working.

        When you NAT on the way out of pfSense onto LAN, it then looks to the internal subnets as if the traffic came from the pfSense LAN IP. That internal router can correctly deliver packets back to the pfSense LAN IP, so traffic for the state goes happily through pfSense in both directions.

        but the internal routing between subnets is not working

        Exactly what is not working?
        Did it stop working when you added the NAT out of pfSense LAN?

        (others feel free to answer - I will be offline most of the next 24 hours)

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

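The asymmetric-routing problem described in the reply above, as an added example that is not from the thread or from pfSense itself: a small Python model of this topology that walks the request and the server's reply hop by hop, once with only the port forward and once with the outbound NAT on LAN added. It uses the thread's addresses (192.168.1.253, 192.168.1.254, 192.168.10.230); the WAN address 203.0.113.10 and client address 198.51.100.7 are constructed placeholders, and, as the reply assumes, the other router has its own internet uplink rather than defaulting back through pfSense.

```python
"""Model of why a plain port forward to a server behind a second router leaves
pfSense with an unbalanced state, and why SNAT on the LAN side fixes it.
Added example for this thread; it is not pfSense or pf code."""
import ipaddress
from dataclasses import dataclass, replace

# Addresses from the thread: pfSense LAN 192.168.1.253, other router 192.168.1.254,
# server 192.168.10.230. The WAN and client addresses are constructed placeholders.
PFSENSE_WAN, PFSENSE_LAN = "203.0.113.10", "192.168.1.253"
SERVER, CLIENT = "192.168.10.230", "198.51.100.7"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


# Per-node routing tables: (prefix, next node); longest prefix wins.
# Assumption (as in the reply above): the other router has its own internet
# uplink, so its default route does not go back through pfSense.
ROUTES = {
    "internet":     [(PFSENSE_WAN + "/32", "pfsense"), ("0.0.0.0/0", "client")],
    "pfsense":      [("192.168.10.0/24", "other_router"), ("0.0.0.0/0", "internet")],
    "other_router": [("192.168.10.0/24", "server"), (PFSENSE_LAN + "/32", "pfsense"),
                     ("0.0.0.0/0", "internet")],
    "server":       [("0.0.0.0/0", "other_router")],
}


def next_hop(node, dst):
    """Longest-prefix-match lookup in the node's routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES[node]
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


class PfSense:
    """Minimal stateful firewall: one port forward (WAN:81 -> server:81) and an
    optional outbound NAT on LAN that rewrites the source to the LAN address."""

    def __init__(self, snat_on_lan):
        self.snat_on_lan = snat_on_lan
        self.states = {}      # expected reply 4-tuple -> original request
        self.nat_port = 50000

    def from_wan(self, pkt):
        orig = pkt
        if pkt.dst == PFSENSE_WAN and pkt.dport == 81:
            pkt = replace(pkt, dst=SERVER, dport=81)                 # port forward
        if self.snat_on_lan and pkt.dst == SERVER and pkt.dport == 81:
            pkt = replace(pkt, src=PFSENSE_LAN, sport=self.nat_port)  # outbound NAT
        self.states[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = orig
        return pkt

    def from_lan(self, pkt):
        """Return (packet with NAT undone, True) if it matches a state, else (pkt, False)."""
        orig = self.states.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return pkt, False
        return Packet(orig.dst, orig.dport, orig.src, orig.sport), True


def simulate(snat_on_lan):
    fw = PfSense(snat_on_lan)
    request = Packet(CLIENT, 40000, PFSENSE_WAN, 81)
    # Request: client -> pfSense WAN -> other router -> server
    node, pkt, req_path = "internet", request, ["internet"]
    while node != "server":
        node = next_hop(node, pkt.dst)
        req_path.append(node)
        if node == "pfsense":
            pkt = fw.from_wan(pkt)
    # Reply: the server answers whatever source the request carried on arrival
    reply = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
    node, rep_path, seen_by_pfsense = "server", ["server"], False
    while node != "client":
        node = next_hop(node, reply.dst)
        rep_path.append(node)
        if node == "pfsense":
            reply, seen_by_pfsense = fw.from_lan(reply)
    # The client only accepts a reply coming from the address/port it sent to
    accepted = (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)
    return {"request_path": req_path, "reply_path": rep_path,
            "pfsense_saw_reply": seen_by_pfsense, "client_accepted": accepted}


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT on LAN:", snat, simulate(snat))
```

With the port forward alone, the reply leaves via the other router's own uplink with source 192.168.10.230, so pfSense never sees it (its state stays half-open and times out) and the client discards it. With the outbound NAT on LAN, the reply is addressed to 192.168.1.253, comes back through pfSense, matches the state and is un-NATed to the public address the client expects.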
          edoosan

          Many thanks for your reply,

          OK, with manual outbound NAT enabled and the SNAT rule, I reach the server on port 81 from the outside perfectly.

          However, the subnet 192.168.2.x/24 does not reach server 192.168.1.200 on port 80.
          Instead, if I enable automatic outbound NAT, I reach the server 192.168.1.200 on port 80 perfectly, but not the server 192.168.10.230 on port 81.

          What am I forgetting?

          thanks again

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.