Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    dose pfsense have soft NAT

    Scheduled Pinned Locked Moved NAT
    9 Posts 5 Posters 604 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NKOADMIN
      last edited by

      Are there any soft NAT available in pfsense?

      what I need to do is as below

      WAN : IP 58.x.x.1/30

      LAN : IP 203.x.x.1/27

      I need to reply 203.x.x.1/27 to internet, instead 58,x.x.1/30

      I understand soft NAT with work but how, and where I can setup in pfsense?

      any experts please help

      V N 2 Replies Last reply Reply Quote 0
      • V
        viragomann @NKOADMIN
        last edited by

        @NKOADMIN said in dose pfsense have soft NAT:

        Are there any soft NAT available in pfsense?

        What do you mean with "soft NAT"?

        N 1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          If you have public addresses on the LAN and do not want to NAT for them, then it sounds like you want to disable NAT. I'm not sure what you mean by "soft NAT".

          Go to Firewall > NAT on the Outbound tab and do one of the following:

          Option 1: Change to hybrid outbound NAT and add a rule to the TOP of the list for WAN which is marked Do not NAT, and match the source of the public addresses on LAN

          Option 2: Change to Manual Outbound NAT and delete any rules for subnet(s) you do not want to NAT.

          Option 1 is more likely to be easier to maintain over time, as if you later add things like additional local private networks, VPNs, etc, then with option 2 you would have to remember to go back later and add your own manual outbound NAT rules to cover the new subnet(s).

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          N K 2 Replies Last reply Reply Quote 0
          • N
            NKOADMIN @jimp
            last edited by

            @jimp said in dose pfsense have soft NAT:

            If you have public addresses on the LAN and do not want to NAT for them, then it sounds like you want to disable NAT. I'm not sure what you mean by "soft NAT".

            Go to Firewall > NAT on the Outbound tab and do one of the following:

            Option 1: Change to hybrid outbound NAT and add a rule to the TOP of the list for WAN which is marked Do not NAT, and match the source of the public addresses on LAN

            Option 2: Change to Manual Outbound NAT and delete any rules for subnet(s) you do not want to NAT.

            Option 1 is more likely to be easier to maintain over time, as if you later add things like additional local private networks, VPNs, etc, then with option 2 you would have to remember to go back later and add your own manual outbound NAT rules to cover the new subnet(s).

            Dear jimp

            Thank you for your reply.

            below is my situation now

            internet <--> (58.x.x.1/32 WAN) Pfsense (203.x.x.1/27 LAN) <--> (203.x.x.2/27)firewall (203.x.x.x/27) <--> DMZ &/or LAN (192.x.x.x/24)

            So if I setup as your suggest in Option 1/ Option 2, how to show the public IP of 203.x.x.x/27 to the world, i.e. when the world queries us. such as SPF queries by mxtoolsbox, queries our mail server, I need to show 203.x.x.6 instead of our Pfsense WAN port IP (58.x.x.1).

            can you give me hint on the above, so that I can follow to setup for all remaining IPs of 203.x.x.x/27

            Thank you for your help in advance.

            Paul

            ps we use pfsense as router at the moment, I will turn it to firewall router later, since we still got agreement with the firewall company.

            1 Reply Last reply Reply Quote 0
            • N
              NKOADMIN @viragomann
              last edited by

              @viragomann said in dose pfsense have soft NAT:

              @NKOADMIN said in dose pfsense have soft NAT:

              Are there any soft NAT available in pfsense?

              What do you mean with "soft NAT"?

              Dear Viragoman,

              Thank you for your reply, may be soft NAT is not the right term to use sorry.

              below is my situation now

              internet <--> (58.x.x.1/32 WAN) Pfsense (203.x.x.1/27 LAN) <--> (203.x.x.2/27)firewall (203.x.x.x/27) <--> DMZ/LAN(192.x.x.x/24)

              what I need is show the world our public IPs in the firewall (203.x.x.x/27) instead the router (pfsense) WAN IP when the world queries our servers.

              such as when I test the SPF by Mxtoolsbox, I got the softfail for router WAN IP (58.x.x.1), after discuss with our firewall service provider, they said we need to setup in the router (pfsense), to resolve this problem.

              can you give me a hint on how to resolve this.

              I am new in pfsense, but the one who handle the router and firewall left us already, and now I need to pick up all the stuff.

              Please give me hint or suggest to resolve.

              Best regards
              Paul

              1 Reply Last reply Reply Quote 0
              • N
                NKOADMIN @NKOADMIN
                last edited by

                @NKOADMIN

                After read the Netgate Docs

                I think I need to configure the Routing Public IP Addresses instead of NAT.

                I will give it a try, will post result here.

                N 1 Reply Last reply Reply Quote 0
                • N
                  NKOADMIN @NKOADMIN
                  last edited by

                  @NKOADMIN said in dose pfsense have soft NAT:

                  @NKOADMIN

                  After read the Netgate Docs

                  I think I need to configure the Routing Public IP Addresses instead of NAT.

                  I will give it a try, will post result here.

                  Yes, Routing Public IP Addresses resolve my issue.

                  now we got the correct result in Mxtoolbox

                  Thanks everyone

                  1 Reply Last reply Reply Quote 0
                  • K
                    KristaRivera Banned @jimp
                    last edited by KristaRivera

                    This post is deleted!
                    1 Reply Last reply Reply Quote 0
                    • S
                      Surveyvilla Banned
                      last edited by

                      This post is deleted!
                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.