Netgate Discussion Forum

    1:1 NAT = No Internet

      simple1689

      Previous pfSense firewall (version: 2.3.2-RELEASE-p1) was getting 10MbpsD/4MbpsU instead of 40/20. The firewall was originally configured with CARP to another pfSense node, which we have since turned off but did not replace. So CARP is still enabled. Anyhow, it was determined that the pfSense was indeed bottling the connection down. Could be MTU (at default), bad port, or ?? In any case, I wanted to set up a new appliance and replace the current one (also remove CARP for now).

      Set up new pfSense and upgrade to 2.3.4
      Set up WAN with Static Block #1 (70.x.x.x /28) and configure Cox Gateway (70.x.x.1)
      We have a 2nd Static Block coming through same WAN (182.x.x.x /28). Not sure where to configure except as a Virtual IP which I have yet to do
      Set up LAN, Aliases, Firewall Rules, and 1:1 NAT (including some Outbound NATs)

      At first, I couldn't reach the Internet. This was due to an Outbound NAT taking 10.0.1.0/24 traffic and translating as the WAN IP. Not sure why this was made, but deleted after realizing. LAN hits Internet now.
      However, 1:1 NAT'd objects do not hit Internet. If I disable the 1:1 NAT, no issues hitting Internet.
      This includes External IPs from the same WAN subnet (70.x.x.x/28).

      I am trying to wrap my head around why the 1:1 NAT would cause loss of internet. No other Outbound NATs are configured that might block it.

        Derelict LAYER 8 Netgate

        1:1 takes precedence over outbound NAT.

        You are probably going to have to post what you have done instead of a description of what you think you have done.

        We have a 2nd Static Block coming through same WAN (182.x.x.x /28). Not sure where to configure except as a Virtual IP which I have yet to do

        Is that routed to an address on 70.x.x.x /28 or is it somehow on the same interface?

        If it is routed you can do anything you want with it. Use it as VIPs. Put it (or a portion of it) on an inside interface, disable NAT, and assign addresses from it directly to inside servers. Route it (or a portion of it) somewhere downstream.

        If it is not routed and you are not yet using it, I would ask them to change it. There are no downsides and lots of upsides to having a routed subnet.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.