Mixed NAT and routing

aray · Sep 6, 2008, 10:59 AM

Hi All,

I'm running pfsense embedded (recent version). I have 3 interfaces
WAN (PPPoE)
LAN (a PUBLIC ip range /28 network) - to be routed
OPT1 (a PRIVATE ip range) - to be nat'ed

I am a bit lost as to how to enable normal routing, etc for the LAN (public ips)
And at the same time, enable NAT for the OPT1 (PRIVATE ips).

If I put a public IP range in the LAN interface, is pfsense smart enough to realise it's not a RFC1918 (private) range and just apply routing?

I see the option to disable all firewall/nat - but I don't want that globally (just for one of the interfaces)

If I do manual nat mappings, will it allow routing for the other (non-nat) interfaces?

I am unable to test the configuration before I put it into production (hence the nervousness)

Any direction greatly appreciated.

Thanks,
Andrew

GruensFroeschli · Sep 6, 2008, 11:02 AM

Enable advanced outbound NAT
firewall –> nat --> outbound

Modify the autocreated rule (NAT from source:LAN-subnet to WAN interface) so it NAT's from the OPT1 subnet to the WAN interface.

If you delete all the rules under AoN pfSense becomes a routing-plattform with firewall capabilities.

aray · Sep 6, 2008, 12:13 PM

Thanks very much for the quick reply.

Also, another question. When the PPPoE connection is established, will it automatically become the default gateway for the LAN interface?

(there is no place for me to define this in the interfaces - if I go to system and static routes, I can only define by IP addresses, not by interface).

Cheers,
Andrew.

nocer · Sep 6, 2008, 12:39 PM

Yes.

It is done by some scripts to be run when the WAN(doesn't matter what the connection type is).
Look for linkup scripts and see inside then you know what is going on while link is being established.

cheers,

aray · Sep 7, 2008, 7:48 AM

Thanks for the help :)