Netgate Discussion Forum

    Configuring NAT overload in pfSense

    5 Posts 4 Posters 1.4k Views
    • tsame

      I have an IPsec VPN tunnel between two sites where Router A is running pfSense and Router B is a third-party router as below:

      LAN A---Router A (pfSense) <===IPsec tunnel===> Router B (third-party)---LAN B

      Router A has routes to systems on remote networks, which hosts in LAN B should access. I want to configure NAT overload so that when a host in LAN B accesses systems in the remote networks, the external system sees the source IP (from LAN A) of the pfSense box and not the source IP of the host on LAN B. How do you configure NAT overload in pfSense to do this? Tried searching online, but couldn't find any info on configuring NAT overload.

      • heper

        Wtf is 'nat overload'?
        What you are describing seems to be just 'nat' ... Nothing fancy about it.

        I guess you just have to add a nat rule on the tunnel interface like you'd do on any other interface?

        • tsame @heper

          @heper said in Configuring NAT overload in pfSense:

          Wtf is 'nat overload'?

          http://www.firewall.cx/networking-topics/network-address-translation-nat/233-nat-overload-part-1.html

          @heper said in Configuring NAT overload in pfSense:

          I guess you just have to add a nat rule on the tunnel interface like you'd do on any other interface?

          In the settings: Firewall > NAT, there is only:

          • Port Forward
          • 1:1
          • Outbound
          • NPt

          The closest one to my use case is 1:1 NAT, but additionally I want to keep track of which client the request belongs to by mapping the client to a specific port similar to NAT overload, i.e. Port Address Translation.

          • viragomann @tsame

            @tsame said in Configuring NAT overload in pfSense:

            NAT overload

            Also never heard this term.

            What you're looking for might be the Outbound NAT in pfSense. "Outbound" because it translates the source addresses in packets when they are going out to a network port.

            So select the LAN interface (that's where the packets are going out), at source enter the LAN B network and set the translation to "interface address" (pfSense LAN IP).

            • netblues @viragomann

              NAT overload is a classic Cisco term.
              Also called PAT (port address translation) or plain NAT as we know it in home appliances.

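The port address translation discussed in this thread, as an added Python model that is not part of any post and not pfSense code: sources from one network are rewritten to a single address, and a per-flow port is what lets replies reach the right client. The class name, the addresses, the port range and the lowest-free-port policy are assumptions made for the illustration.

```python
# Toy model of NAT overload / PAT. All addresses and ports are constructed samples.
import ipaddress

class PatTable:
    """Rewrites sources from one network to a single address, one port per flow."""

    def __init__(self, source_net, translated_ip, first_port=1024, last_port=65535):
        self.source_net = ipaddress.ip_network(source_net)
        self.translated_ip = translated_ip
        self.ports = range(first_port, last_port + 1)
        self.out = {}   # (proto, src_ip, src_port, dst_ip, dst_port) -> translated port
        self.back = {}  # (proto, translated port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return the (ip, port) source that the remote system sees."""
        if ipaddress.ip_address(src_ip) not in self.source_net:
            return src_ip, src_port  # source outside the rule: left untranslated
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            port = self._free_port(proto, dst_ip, dst_port)
            self.out[flow] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.translated_ip, self.out[flow]

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Map a reply to the original client; None when no state matches."""
        return self.back.get((proto, dst_port, src_ip, src_port))

    def _free_port(self, proto, dst_ip, dst_port):
        # Simplification: lowest free port. Real implementations pick ports differently.
        for port in self.ports:
            if (proto, port, dst_ip, dst_port) not in self.back:
                return port
        raise RuntimeError("translation port range exhausted for this destination")

def demo():
    # Constructed values: LAN B is 10.20.0.0/24, the pfSense LAN address is 192.168.1.1.
    pat = PatTable("10.20.0.0/24", "192.168.1.1", first_port=50000, last_port=50001)
    a = pat.outbound("tcp", "10.20.0.11", 40000, "172.16.5.9", 443)
    b = pat.outbound("tcp", "10.20.0.12", 40000, "172.16.5.9", 443)
    reply_b = pat.inbound("tcp", "172.16.5.9", 443, b[1])  # reply to the second host
    stray = pat.inbound("tcp", "172.16.5.9", 443, 50999)   # no state: not forwarded
    return a, b, reply_b, stray

if __name__ == "__main__":
    print(demo())
```

Both LAN B hosts use the same client port here, yet the remote system sees one address with two distinct source ports, and a packet that matches no recorded flow maps to nothing.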