Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is it possible to disable NAT

    Scheduled Pinned Locked Moved NAT
    7 Posts 4 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jvwjgames
      last edited by

      I need NAT disabled cause I have static ip's and can't have the router doing any NATTING.

      1 Reply Last reply Reply Quote 0
      • D
        divsys
        last edited by

        What specifically are worried will happen?

        Unless you enable NAT pfSense will not translate any addresses for you.

        What is your application?

        -jfp

        1 Reply Last reply Reply Quote 0
        • J
          jvwjgames
          last edited by

          I have 13 static wan iP's and need them to communicate directly to the Internet through pfsense so I will need pfsense to not NAT the iP's

          1 Reply Last reply Reply Quote 0
          • D
            divsys
            last edited by

            How do you plan on connecting the static IP's to pfSense?

            Do you have 13 modems from your ISP or will you be using VLANS?

            What do you plan do with your 13 IP addresses, bandwidth share, failover, route to 13 servers?

            What are expecting pfSense to do for you?

            -jfp

            1 Reply Last reply Reply Quote 0
            • J
              jvwjgames
              last edited by

              I plan on routing my 13 statics to my servers so it goes Cable modem>Pfsense with static on WAN>static on other WAN>servers with the remaining ip's.

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                If you have a single /28 from the ISP, you really can't put them "behind" pfSense.  Your best bet would be 1:1 NAT to your servers but that's still NAT.

                Tell your ISP to assign a /30 to your WAN and route the /28 to that.

                You would then assign the /28 to a pfSense OPT interface, disable NAT, pass the desired traffic, and you're done.

                Your other option would be to bridge an OPT interface with WAN and number the hosts on that interface.  But you might as well just use an outside switch.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • ScottyDMS
                  ScottyDM
                  last edited by

                  I'm a pfSense newbe, but I know networking in general.

                  On your WAN side you'll have one of your static IPs assigned to pfSense, along with the /28 to tell it the size of your subnet, and the gateway address (the address of your modem).

                  My ancient SonicWALL was just smart enough to be stupid. It knew the 0th, 15th, gateway, and it's own address were unavailable, and so the other 12 addresses in that /28 subnet must belong on the LAN–so it set itself to bridging mode (you could override that with NAT if desired).

                  pfSense is much smarter than that and so it assumes nothing. What if there were other hosts between it and the gateway? Therefore you must set virtual IPs to tell it that when it sees one of them, it must do something with it. There is a bridging mode in pfSense, but my neighbor suggested 1-to-1 NAT would be better. Or one could use port forwarding, in which case rules can be auto-generated. Three choices, but all require virtual IPs be set first.

                  To set virtual IPs go to "Firewall / Virtual IPs".

                  It's a little hard to find bridging in the GUI, so here's a page in the DOCs that describes it. https://doc.pfsense.org/index.php/Interface_Bridges

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.