Double NAT problem
-
Hi
I have a firewall hardware (192.168.1.1) with pfSense 2.3.2 64 bit which manages a LAN (192.168.1.0) with 8 network devices with fixed IPs.
On the WAN port of the firewall, I connected a VDSL2 router (10.0.0.1) that manages the Internet connection and provides Internet to the LAN.
To get Internet on the LAN, unfortunately, I have to enable the router's NAT.
So now, my LAN sees both the firewall NAT is that of the VDSL2 router causing some problems on the LAN.
So how should I configure pfSense to make sure that the LAN only see the firewall's NAT?
The firewall and router configuration is:
Thanks
Bye
-
In other words, how I should configure pfSense to ensure that the two NAT do not interfere with each other?
Thanks
Bye
-
Just ensure that both routers do NAT in both direction. On the VDSL router this should be set by default.
On pfSense this is default as well, you may check it in Firewall > NAT > Outbound. It should be set to automatic rule generation.Also ensure that "Block private networks and loopback addresses" is unchecked in the WAN interface settings, since you have a private WAN subnet.
-
Just ensure that both routers do NAT in both direction. On the VDSL router this should be set by default.
On pfSense this is default as well, you may check it in Firewall > NAT > Outbound. It should be set to automatic rule generation.Also ensure that "Block private networks and loopback addresses" is unchecked in the WAN interface settings, since you have a private WAN subnet.
These settings
are right?
Thanks
Bye
-
Yeah, it should work properly with this setting.
What's the problem?
The crucial sentence in your first post
@balubeto:So now, my LAN sees both the firewall NAT is that of the VDSL2 router causing some problems on the LAN.
isn't understandable.
-
Yeah, it should work properly with this setting.
What's the problem?
The crucial sentence in your first post
@balubeto:So now, my LAN sees both the firewall NAT is that of the VDSL2 router causing some problems on the LAN.
isn't understandable.
My computers with Windows 7 SP1 on the LAN see two NAT.
Whereas if I unplug the VDSL2 router from the firewall, the computers see an only NAT and, therefore, the LAN is working properly.
So how do I fix this?
Thanks
Bye
-
How is your equipment connected? I can't imagine any scenario in which a computer could see both, unless somehow connected to both. Normally, when you have double NAT, you see only the one you're connected to.
-
How is your equipment connected? I can't imagine any scenario in which a computer could see both, unless somehow connected to both. Normally, when you have double NAT, you see only the one you're connected to.
My LAN is composed of a hardware firewall, a NAS, a network printer, two smart TV and 6 computers with Windows 7 SP1. Also, I have a VDSL2 router, connected to the WAN port on the firewall, which provides Internet to the LAN.
All of these network devices have fixed IPs and have the DHCP disabled.
So why computers even see the router's NAT?
Thanks
Bye
-
I tried a new configuration of the firewall but the devices connected to the 192.168.1.0 network can still see the 10.0.0.0 network NAT causing malfunctions to the main network.
If I disable the NAT of the 10.0.0.0 network, the first network returns to work properly but I have no more Internet on this network.
So how should I do to make sure that the main network does not see the secondary network NAT?
The new firewall (192.168.1.1) and VDSL2 router (10.0.0.1) configuration is:
Thanks
Bye
-
??? LAN: 192.168.1.1 with "GW_LAN: 192.168.1.1" ?
https://doc.pfsense.org/index.php/Connectivity_Troubleshooting#LAN_Interface
-
@ptt:
??? LAN: 192.168.1.1 with "GW_LAN: 192.168.1.1" ?
https://doc.pfsense.org/index.php/Connectivity_Troubleshooting#LAN_Interface
So, what should I change?
Thanks
Bye
-
-
You should not set any gateway on LAN interface if the pfSense is the LAN gateway.
-
I also tried to change the LAN gateway, but it is always offline.
Where am I wrong?
Thanks
Bye
-
Where am I wrong?
Besides Trial & Horror, read #12 again. Remove that gateway for the LAN…
-
@hda:
Where am I wrong?
Besides Trial & Horror, read #12 again. Remove that gateway for the LAN…
I deleted the gateway that was always offline.The router's NAT causes some malfunctions and slowdowns in the LAN.
If, though, off the NAT the LAN returns to work, but the Internet does not work on the LAN.If I put the router in Bridge mode (disabling its NAT and disconnecting the Internet connection) I should enable the PPPoE client on the firewall to manage the Internet on the LAN.
In this case, but, the analog phone and fax machine connected to the router will not work.
So how do I solve this problem of the phone and fax?
Thanks
Bye
-
If I had to do in this way:
I would still have the Internet service on the LAN?
Thanks
Bye
