Help with Double NAT'ing

deaney

Hi Guys,

This one is driving me crazy.

Im trying to have my PFsense VM setup so that my VM's are not on the local lan, they all talk through PFsesne and that handles DNS, DHCP etc… effectively acting as a modem/router inside of my virtual network.

I only want the one IP on my 192.168.1.0 Subnet from the PFsense machine, I want the VM's to pass all traffic through it.

I have linked the physcial Nic into the PFsesne VM, it goes out to the gateway.

I edited the rules but still... none of the VM's on the 172 internal network get any internet access..

Here are some screenshots.

Thanks in advance!

Untitled.jpg_thumb
![2013-05-05 2.jpg](/public/imported_attachments/1/2013-05-05 2.jpg)
![2013-05-05 2.jpg_thumb](/public/imported_attachments/1/2013-05-05 2.jpg_thumb)
![2013-05-05 23_06_34-se.jpg](/public/imported_attachments/1/2013-05-05 23_06_34-se.jpg)
![2013-05-05 23_06_34-se.jpg_thumb](/public/imported_attachments/1/2013-05-05 23_06_34-se.jpg_thumb)
![2013-05-05 23_06_56-server .jpg](/public/imported_attachments/1/2013-05-05 23_06_56-server .jpg)
![2013-05-05 23_06_56-server .jpg_thumb](/public/imported_attachments/1/2013-05-05 23_06_56-server .jpg_thumb)

podilarius

For WAN options, do you have it set to block private networks?

deaney

Hi podilarius,

Thanks for the reply - no, its left unticked as I knew this would cause issues due to the IP.

podilarius

NP. Just starting with the basics.
I would ditch the 1:1 rule for now. That is not doing what you think it is. The AON (automatic outbound NAT) is mapping it to only 1 IP address, the WAN address.
Looks like you will need to port forward anything else internally.