Netgate Discussion Forum

    Outbound NAT: Disable NAT for specific host

    5 Posts 2 Posters 817 Views
    • WinHelp

      Hey guys,

      I would like to disable NAT for a specific host. I've got a PBX (192.168.50.1) without any STUN functionality in front of the pfSense (192.168.100.1). When my IP phone (192.168.100.50) is registered, the PBX wants to connect on the pfSense (192.168.100.1) IP. So the solution would be to disable NAT for my IP phone. Adding a NAT rule to redirect traffic won't work; later there should be multiple IP phones in the network 192.168.100.0/24. I've tried the following:

      1.) Changed outbound NAT mode to "Hybrid Outbound NAT rule generation"
      2.) Added a manual mapping
      Do not NAT: Enabled
      Interface: WAN
      Protocol: any
      Source: 192.168.100.50
      Destination: 192.168.50.1

      Notice:
      There are multiple gateways for network traffic (Load balanced with failover).

      Excuse my bad English ;-)

      • johnpoz LAYER 8 Global Moderator

        Why would you be natting rfc1918 to rfc1918 in the first place for ANY device? Sure ok pfsense is a downstream firewall/router in your rfc1918 networks.

        Why would you nat these? Nat should happen at the edge when you change these rfc1918 to public.. Do you have overlapping rfc1918 networks?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • WinHelp @johnpoz

          @johnpoz

          The pfSense is right behind the provider router (192.168.50.1 PBX and provider router). I didn't think about disabling NAT completely.

          I've got no overlapping rfc1918 networks.

          Do I have to consider anything when disabling NAT?
          I know the doc: https://www.netgate.com/docs/pfsense/nat/outbound-nat.html#pfsense-2-2-and-later

          • johnpoz LAYER 8 Global Moderator

            Yeah, you have to consider that the router upstream will allow the downstream networks and has a route to get to them.

            Sounds more like you want this device to actually be on the 192.168.50 network vs any sort of routing. You can not put the same network on both sides of pfsense. Unless you were going to use it as a transparent bridge..

            • WinHelp @johnpoz

              I don't want to make a transparent bridge and won't use the same network on both sides. So I try to add some static routes on both sides and disable the NAT functionality.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.