dose pfsense have soft NAT
-
Are there any soft NAT available in pfsense?
what I need to do is as below
WAN : IP 58.x.x.1/30
LAN : IP 203.x.x.1/27
I need to reply 203.x.x.1/27 to internet, instead 58,x.x.1/30
I understand soft NAT with work but how, and where I can setup in pfsense?
any experts please help
-
@NKOADMIN said in dose pfsense have soft NAT:
Are there any soft NAT available in pfsense?
What do you mean with "soft NAT"?
-
If you have public addresses on the LAN and do not want to NAT for them, then it sounds like you want to disable NAT. I'm not sure what you mean by "soft NAT".
Go to Firewall > NAT on the Outbound tab and do one of the following:
Option 1: Change to hybrid outbound NAT and add a rule to the TOP of the list for WAN which is marked Do not NAT, and match the source of the public addresses on LAN
Option 2: Change to Manual Outbound NAT and delete any rules for subnet(s) you do not want to NAT.
Option 1 is more likely to be easier to maintain over time, as if you later add things like additional local private networks, VPNs, etc, then with option 2 you would have to remember to go back later and add your own manual outbound NAT rules to cover the new subnet(s).
-
@jimp said in dose pfsense have soft NAT:
If you have public addresses on the LAN and do not want to NAT for them, then it sounds like you want to disable NAT. I'm not sure what you mean by "soft NAT".
Go to Firewall > NAT on the Outbound tab and do one of the following:
Option 1: Change to hybrid outbound NAT and add a rule to the TOP of the list for WAN which is marked Do not NAT, and match the source of the public addresses on LAN
Option 2: Change to Manual Outbound NAT and delete any rules for subnet(s) you do not want to NAT.
Option 1 is more likely to be easier to maintain over time, as if you later add things like additional local private networks, VPNs, etc, then with option 2 you would have to remember to go back later and add your own manual outbound NAT rules to cover the new subnet(s).
Dear jimp
Thank you for your reply.
below is my situation now
internet <--> (58.x.x.1/32 WAN) Pfsense (203.x.x.1/27 LAN) <--> (203.x.x.2/27)firewall (203.x.x.x/27) <--> DMZ &/or LAN (192.x.x.x/24)
So if I setup as your suggest in Option 1/ Option 2, how to show the public IP of 203.x.x.x/27 to the world, i.e. when the world queries us. such as SPF queries by mxtoolsbox, queries our mail server, I need to show 203.x.x.6 instead of our Pfsense WAN port IP (58.x.x.1).
can you give me hint on the above, so that I can follow to setup for all remaining IPs of 203.x.x.x/27
Thank you for your help in advance.
Paul
ps we use pfsense as router at the moment, I will turn it to firewall router later, since we still got agreement with the firewall company.
-
@viragomann said in dose pfsense have soft NAT:
@NKOADMIN said in dose pfsense have soft NAT:
Are there any soft NAT available in pfsense?
What do you mean with "soft NAT"?
Dear Viragoman,
Thank you for your reply, may be soft NAT is not the right term to use sorry.
below is my situation now
internet <--> (58.x.x.1/32 WAN) Pfsense (203.x.x.1/27 LAN) <--> (203.x.x.2/27)firewall (203.x.x.x/27) <--> DMZ/LAN(192.x.x.x/24)
what I need is show the world our public IPs in the firewall (203.x.x.x/27) instead the router (pfsense) WAN IP when the world queries our servers.
such as when I test the SPF by Mxtoolsbox, I got the softfail for router WAN IP (58.x.x.1), after discuss with our firewall service provider, they said we need to setup in the router (pfsense), to resolve this problem.
can you give me a hint on how to resolve this.
I am new in pfsense, but the one who handle the router and firewall left us already, and now I need to pick up all the stuff.
Please give me hint or suggest to resolve.
Best regards
Paul -
After read the Netgate Docs
I think I need to configure the Routing Public IP Addresses instead of NAT.
I will give it a try, will post result here.
-
@NKOADMIN said in dose pfsense have soft NAT:
After read the Netgate Docs
I think I need to configure the Routing Public IP Addresses instead of NAT.
I will give it a try, will post result here.
Yes, Routing Public IP Addresses resolve my issue.
now we got the correct result in Mxtoolbox
Thanks everyone
-
This post is deleted! -
This post is deleted!