Natting - moving from cisco router to pfsense

johnpoz

Not sure what your doing exactly... But this would just work out of the box.. It will out outbound nat your lan network to your wan IP.

There really is nothing to do but run through the bouncing ball setup.

Change your lan network to the range you want to use. 10.130.50.4/29

If your gateway is offline, then no your not going to go anywhere, nor are you going to be natting anything.. Pfsense needs to be able to ping its wan gateway.. This 10.195.50.10 address?

A Former User

Hi
what im trying to is to replace Cisco 1841 Router with pfsense
the cisco 1841 router has failed to work properly after a recent power failure at our place and for a
temporary replacement we have setup a pc with pfsense installed in virtual box with the
same ip as the router 10.130.50.4

I have two NICS
virtual box setup - both adapter in bridge mode
Virtual Box Host adapter - 10.195.50.18/255.255.254.0/10.195.50.10
Pfsense LAN 10.130.50.4

1st pc network adapter - 10.130.50.5/255.255.255.248/10.130.50.3
2nd pc network adapter - 10.195.50.19/255.255.254.0/10.195.50.10

pfsense gateway 10.195.56.10 is display as offline and vlan pc have no internet
but i have internet in the virtual box pc and i can access pfsense from browser

So now i need to be able to nat my internal lan subnets from the Pfsence box, just like the old router was doing.

johnpoz

Well you need to look to your vm setup.. If pfsense can not ping its gateway - your going to have a bad day..

If the device just doesn't answer ping, you can setup pfsense to just always assume the gateway is up.. But you shouldn't have to do that.. Does pfsense show the mac address of its gateway in its arp table? You can view the arp table in the diagnostic menu, arp table.

But pfsense there really is nothing to configure other than the wan IP and its gateway, and the lan IP and mask.. It will auto nat to your wan IP.

A Former User

thank you John Poz..

yes i can see the mac address of the gateway in pfsense, what should i do with the info ? status - Expires in 974 seconds

i'll try to figure my virtual box setup what causing the gateway to be offline..

i can browse the internet without problem in my pc by using 10.195.50.10 as gateway

johnpoz

Well if you can see the mac, and its correct but its just not answering ping.. You could set the monitoring for the gateway to always up.. And then see if pfsense can ping outside IPs,

Or you could try changing the monitoring IP to something that does answer ping upstream from pfsense.

A Former User

@johnpoz i disabled monitoring and also try to change the monitoring ip ..the status changed to online but i still can't ping and no internet

A Former User

Hi just would like to update,

i adjusted my virtual box setting

1st pc network adapter - 10.195.50.19/255.255.254.0/10.195.50.10
2nd pc network adapter - 10.130.50.5/255.255.255.248/10.130.50.3
virtual box setup - both adapter in bridge mode
Virtual Box Host adapter - 10.130.50.6/255.255.255.248/10.130.50.3
Pfsense LAN 10.130.50.4

i have internet in this pc and i can access pfsense 10.130.50.4 and my core switch 10.130.50.3

the gateway 10.195.50.10 is now online in my pfsense, and i can ping to internet
but 10.130.50.3 (core switch)gateway is offline in pfsense
..i can't ping LAN and now i cant access pfsense in my vlan since the static route i made in pfsense failed
10.130.0.0 255.255.0.0 10.130.50.3

im still trying to solved this, ..bear with me..im new with thing and i really hope i can solve this

johnpoz

@kayul said in Natting - moving from cisco router to pfsense:

but 10.130.50.3 (core switch)gateway is offline in pfsense

Huh?? Draw up your network.. Sounds like you have a real mess.. So your pointing to a L3 switch for pfsense as its gateway?

Sounds like you have some sort of asymmetrical mess most likely as well.

And both of these adapters have gateways??

A Former User

@johnpoz i tried to draw the diagram..im not really sure if im doing this right..i include the router and coreswitch setting Router.txt Core Switch.txt

johnpoz

So you have a server say 10.130.101.42/23, what is it using for its gateway?

Using 10.130.50/29 as a transit network is fine.. But how are you setting up gateway? You wouldn't put it on the interface.. You would create a gateway under routing, and then setup any routes to downstream networks.

Here is a logical diagram.. with a downstream router.. So its easier to read

Lets assume you have all the VM stuff setup correctly for the different L2 networks and how things are connected.. So what IPs your using on the VM host have nothing to do with how this traffic would flow.

Keep in mind that once you create gateway pointing to your downstream router this .3 that is on say the lan interface of pfsense. You have to adjust the lan rules to allow these downstream networks. Since I assume your downstream router is not natting.

Once you create the route for the downstream network 10.130.101/24, pfsense if using the default automatic outbound nat would add this downstream network(s) to your outbound nat..

Did I draw this correctly? Lets just deal with 1 downstream network, this 10.130.101/24 for now..

On a side note - I personally don't like using a transit network that could get confused with your actual networks... If you are going to use 10/8 for your networks, then use say the 172.16/12 or 192.168/16 space for your transits

So vs using this 10.130.50.0/29 as transit, say use 172.16.0.0/29

Hope that helps.