NAT Pain (Multiple PfSense, Virtual And Physical Networks)

  • Hey all,

    I'm having trouble getting my solution to work. Basically I'm trying to set up a 1:1 NAT from two different networks (one is my LAN, and another is a LAN behind another pfSense machine - see diagram): https://s27.postimg.org/4ahyyzn2b/network.png

    I basically need to be able to go from Server A (192.168.1.131) to Server B (10.0.2.5) and any other server on the NAT network (10.0.2.1/24) using a variety of different ports (HTTP/HTTPS/UDP ports, TCP ports, etc.).

    The connection kind of works going out from Server B to Server A, but I am experiencing packet loss when the connection is initiated in the opposite direction, from Server A to Server B.

    The virtual pfSense server has the WAN set to the 192.168.1.130 port and LAN set to the 10.0.2.1 port.

    I've tried the following:

    - Configuring a VIP on the virtual pfSense server and setting up 1:1 NAT
    - Removing the default restrictive WAN rules on the virtual pfSense machine (RFC rule, etc.)
    - Setting up a gateway/static route on the physical network for 10.0.2.0/24 via 192.168.128.130
    - Various other firewall rules, to no avail.

    Any help setting this up would be appreciated!

  • There should be no NAT config required. This should just work with basic routing, assuming your firewall rules are good. Post both firewall rules for the WAN & LAN interfaces, then blow away any weird NATs you may have created and start fresh.