Nat and routing

  • Hi all :-) I need some small advice: my old network:


    In this old scenario NAT was only on server1 because server1 forwarded packets over the internet. The other servers had only routing tables.

    Now server1 has become pfSense and I see automatic NAT rules (!)

    Should pfSense have NAT active only on WAN? Why are there automatic NAT rules for all LANs?

    Thanks for the help


  • By default you will get automatic NAT rules for traffic from each internal LAN as it goes out WAN.
    You can change to manual NAT if you like, and then put whatever NAT rules you like (or no NAT rules).
    Since server2, server3, server4 have IPs in private address space, I assume they only talk within your intranet (because without NAT assistance they cannot talk to public IPs). If that is so, then you probably should put block rules on lan1, lan2, lan3 to stop any packets with source server1,server2,server3 and destination public IP. If you don't do that, then the servers can still try to access public IPs, the traffic will not be NAT'd, and packets with private source IPs will head out WAN. The internet routers will drop them, but it seems a waste to even send them in the first place.
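
    As an added illustration (not from either poster), here is what the reply's advice looks like in pf.conf syntax, which is what pfSense generates under the hood: one manual outbound NAT rule for the single LAN that actually needs internet access, plus block rules that drop private-to-public traffic on the other LAN interfaces before it ever reaches WAN. Interface names (em0..em3) and subnets are assumptions for the example; in the pfSense GUI the same thing is done by switching Firewall > NAT > Outbound to manual mode and adding a block rule on each internal LAN with destination "not RFC 1918".

```pf
# Added example, not from the thread. Interface names and subnets are assumed.
wan_if   = "em0"
lan1_if  = "em1"
lan2_if  = "em2"
lan3_if  = "em3"
lan1_net = "192.168.1.0/24"
lan2_net = "192.168.2.0/24"
lan3_net = "192.168.3.0/24"

# RFC 1918 space: the only destinations the internal-only servers need to reach.
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Manual outbound NAT: translate only lan1, the segment that really talks to
# the internet. Automatic NAT would have generated one such line per LAN.
nat on $wan_if inet from $lan1_net to any -> ($wan_if)

# lan2/lan3 stay internal-only: drop (and log) anything they send to a public
# destination at the LAN interface, so it never heads out WAN untranslated.
block in log quick on { $lan2_if, $lan3_if } inet from any to ! <rfc1918>

# Belt and braces on the WAN side: a private source address must never leave.
# pf translates before filtering, so lan1 traffic already carries the WAN
# address here and is not affected by this rule.
block out log quick on $wan_if inet from <rfc1918> to any
```

    The ordinary pass rules for the traffic you do want follow after these, as usual. The log keyword on the block rules is the detection side of the advice: a hit on the lan2/lan3 block shows a host on an internal-only segment trying to reach the internet, which is worth knowing about regardless of the wasted packets.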