pfSense as a gateway for multiple LAN devices using NAT.
-
Hi.
I have spent some time trying to make pfSense work as a gateway for several monitoring consoles that will be on the LAN side of the pfSense.
Here is what I have been trying to do.
I have my WAN network 10.10.10.0/24
My WAN interface address is 10.10.10.15 and my default gateway is 10.10.10.1
I also built a high availability system, so my VIP WAN interface address is 10.10.10.20. This address is very important because this IP has all the permissions in my network to reach other networks, and some pages. From what I have read and understood, all the traffic goes out from this IP address.
So far I have made some tests and it seems to work like this.
But when I make a NAT so I can reach my monitoring consoles from the WAN side, all the traffic goes out from the VIP interface of the NAT translation.
I also configured an outbound NAT, but the traffic still goes out from the NAT VIP.
I also changed the type of VIP interface, but nothing changes.
Maybe I am trying something that is impossible or I am doing something wrong. Has anybody tried something like this? Or any ideas?
Thanks :)
-
The source address of the packets leaving the WAN interface will be mapped to the address specified in the outbound NAT rules.
Maybe you should post those.
-
Hi. Thank you for your reply.
My outbound rule is this.
Interface: WAN
Protocol: ANY
Source:
- Type: NETWORK
- Address: 10.20.10.0/24 (PFSENSE LAN SIDE NETWORK)
- Source Port: IS BLANK
Destination:
- Type: ANY
- Destination Port: IS BLANK
Translation:
- Address: 10.10.10.20 (VIP - WAN)
- Port: IS BLANK
- Static Port: UNMARK
No XMLRPC Sync: SELECTED.
Also my NAT 1:1 Rule is this one:
Interface: WAN
External Subnet IP: 10.10.10.22
Internal IP:
- Type: SINGLE HOST
- 10.20.10.10
Destination:
- Type: ANY
NAT Reflection: DISABLE.
-
I don't know what it'll do with a 1:1 NAT defined in the same range as an outbound NAT… Never done that. I would think the 1:1 would be controlling over regular outbound NAT.
Proxy?
https://doc.pfsense.org/index.php/Why_does_my_system_using_1:1_NAT_still_appear_to_access_the_web_via_the_pfSense_router%27s_WAN_IP%3F
-
Hi.
Yes, you were right. The 1:1 NAT made pfSense map the traffic with the IP of the NAT.
Instead I use port forwarding from a WAN IP to a LAN IP, and an outbound rule to the IP address of the WAN interface.
;D
Thank you for your help.
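
The behaviour worked out in this thread, as an added example that is not part of any post: a simplified Python model of NAT precedence (a 1:1 mapping wins over outbound NAT for the same host), useful for checking which LAN hosts will bypass an egress address that upstream ACLs trust. The rule dictionaries and the second host 10.20.10.11 are constructed for illustration; the other addresses are the ones posted above.

```python
import ipaddress

# Rules as posted in the thread (dictionary layout is an assumption of this example).
OUTBOUND = [{"source": "10.20.10.0/24", "translation": "10.10.10.20"}]
ONE_TO_ONE = [{"internal": "10.20.10.10", "external": "10.10.10.22"}]


def egress_source(host, one_to_one, outbound):
    """Return the source address a LAN host appears as on the WAN side.

    Simplified model: a 1:1 mapping for the host is applied first; otherwise
    the first outbound rule whose source network contains the host applies;
    with no matching rule the packet leaves untranslated.
    """
    ip = ipaddress.ip_address(host)
    for rule in one_to_one:
        if ip == ipaddress.ip_address(rule["internal"]):
            return rule["external"]
    for rule in outbound:
        if ip in ipaddress.ip_network(rule["source"]):
            return rule["translation"]
    return host


def audit(hosts, one_to_one, outbound, expected):
    """Map each host whose egress address differs from `expected` to that address."""
    findings = {}
    for host in hosts:
        src = egress_source(host, one_to_one, outbound)
        if src != expected:
            findings[host] = src
    return findings


if __name__ == "__main__":
    hosts = ["10.20.10.10", "10.20.10.11"]  # second host is constructed
    # With the 1:1 rule in place, the monitored console leaves as 10.10.10.22.
    print(audit(hosts, ONE_TO_ONE, OUTBOUND, "10.10.10.20"))
    # With the 1:1 rule replaced by a port forward (inbound only), nothing deviates.
    print(audit(hosts, [], OUTBOUND, "10.10.10.20"))
```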