NAT Pain (Multiple PfSense, Virtual And Physical Networks)

  • Hey all,

    I'm having trouble getting my solution to work. Basically I'm trying to set up a 1:1 NAT between two different networks (one is my LAN, and the other is a LAN behind another pfSense machine - see diagram):

    I basically need to be able to go from Server A ( to Server B ( and any other server on the NAT network ( using a variety of different ports (HTTP/HTTPS/UDP ports, TCP ports, etc).

    The connection kind of works going out from Server B to Server A, but I am experiencing packet loss when the connection is initiated in the opposite direction, from Server A to Server B.

    The virtual pfSense server has the WAN set to the port and LAN set to the port.

    I've tried the following:
    Configuring a VIP on the virtual pfSense server and setting up 1:1 NAT

    Removing the default restrictive WAN rules on the virtual pfSense machine (RFC rule, etc.)

    Setting up a gateway/static route on the physical network for via

    Various other firewall rules to no avail.

    Any help setting this up would be appreciated!

  • There should be no NAT config required. This should just work with basic routing, assuming your firewall rules are good. Post both firewall rules for the WAN & LAN interfaces, then blow away any weird NATs you may have created and start fresh.
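To make the "basic routing plus firewall rules" advice concrete, here is an added example (not code from the thread, and not pfSense's own logic) that models the two-firewall layout with longest-prefix routing and a pf-style stateful pass rule per interface, then traces a packet each way between Server A and Server B. All addresses are constructed placeholders: the physical pfSense owns 10.0.0.1/24, the virtual pfSense sits on that LAN as 10.0.0.2 with its own LAN 192.168.50.1/24, Server A is 10.0.0.10 and Server B is 192.168.50.10. The two knobs it exercises are the ones the thread mentions: a static route on the physical side for the virtual LAN via the virtual pfSense's WAN address, and a WAN rule on the virtual pfSense permitting the physical LAN in. No NAT is modelled. It also reports whether the reply retraces the forward path, since a stateful firewall that only sees one direction of a flow never holds a complete state for it.

```python
import ipaddress


def net(s):
    return ipaddress.ip_network(s, strict=False)


def addr(s):
    return ipaddress.ip_address(s)


class Router:
    """Hypothetical model of a pfSense box: interfaces, routing table, stateful pass rules."""

    def __init__(self, name, interfaces, routes, pass_rules):
        self.name = name
        # iface name -> (interface address, directly connected subnet)
        self.ifaces = {n: (addr(c.split("/")[0]), net(c)) for n, c in interfaces.items()}
        # (prefix, next hop); next hop None means the prefix is directly connected
        self.routes = [(net(p), None if nh is None else addr(nh)) for p, nh in routes]
        # iface name -> (src prefix, dst prefix) pairs permitted inbound; anything else is dropped
        self.pass_rules = {n: [(net(s), net(d)) for s, d in r] for n, r in pass_rules.items()}
        self.states = set()  # pf-style state table: (src, dst) flows already permitted

    def addresses(self):
        return {a for a, _ in self.ifaces.values()}

    def iface_for(self, ip):
        """Interface facing a given neighbour address (used to find the ingress interface)."""
        for name, (_, subnet) in self.ifaces.items():
            if ip in subnet:
                return name
        return None

    def exit_addr(self, next_hop):
        for a, subnet in self.ifaces.values():
            if next_hop in subnet:
                return a
        return None

    def permits(self, iface, src, dst):
        if (dst, src) in self.states:  # reply to a flow already in the state table
            return True
        for s, d in self.pass_rules.get(iface, []):
            if src in s and dst in d:
                self.states.add((src, dst))
                return True
        return False

    def route(self, dst):
        """Longest-prefix match over the routing table."""
        best = None
        for prefix, nh in self.routes:
            if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, nh)
        return best


def trace(routers, src, dst, gateway, max_hops=8):
    """Forward one packet from src via its default gateway. Returns (outcome, list of routers crossed)."""
    src, dst, here, prev = addr(src), addr(dst), addr(gateway), addr(src)
    by_addr = {a: r for r in routers for a in r.addresses()}
    path = []
    for _ in range(max_hops):
        r = by_addr.get(here)
        if r is None:
            return "left the site (no router owns %s)" % here, path
        path.append(r.name)
        iface = r.iface_for(prev)
        if not r.permits(iface, src, dst):
            return "blocked by %s on %s" % (r.name, iface), path
        hit = r.route(dst)
        if hit is None or (hit[1] is not None and r.exit_addr(hit[1]) is None):
            return "no usable route on %s" % r.name, path
        if hit[1] is None:
            return "delivered", path  # destination is on a directly connected subnet
        prev, here = r.exit_addr(hit[1]), hit[1]
    return "routing loop", path


def build(static_route_on_physical, wan_rule_on_virtual):
    """Constructed topology; 203.0.113.0/24 stands in for the physical pfSense's upstream."""
    physical = Router(
        "physical-pfSense",
        {"LAN": "10.0.0.1/24", "WAN": "203.0.113.5/24"},
        [("10.0.0.0/24", None), ("203.0.113.0/24", None), ("0.0.0.0/0", "203.0.113.1")]
        + ([("192.168.50.0/24", "10.0.0.2")] if static_route_on_physical else []),
        {"LAN": [("10.0.0.0/24", "0.0.0.0/0")], "WAN": []},
    )
    virtual = Router(
        "virtual-pfSense",
        {"WAN": "10.0.0.2/24", "LAN": "192.168.50.1/24"},
        [("10.0.0.0/24", None), ("192.168.50.0/24", None), ("0.0.0.0/0", "10.0.0.1")],
        {"LAN": [("192.168.50.0/24", "0.0.0.0/0")],
         "WAN": [("10.0.0.0/24", "192.168.50.0/24")] if wan_rule_on_virtual else []},
    )
    return [physical, virtual]


def check(static_route_on_physical, wan_rule_on_virtual):
    routers = build(static_route_on_physical, wan_rule_on_virtual)
    a_to_b, fwd_path = trace(routers, "10.0.0.10", "192.168.50.10", "10.0.0.1")
    b_to_a, rev_path = trace(routers, "192.168.50.10", "10.0.0.10", "192.168.50.1")
    return {"a_to_b": a_to_b, "a_to_b_path": fwd_path,
            "b_to_a": b_to_a, "b_to_a_path": rev_path,
            "symmetric": fwd_path == list(reversed(rev_path))}


if __name__ == "__main__":
    for static, wan in [(False, False), (True, False), (True, True)]:
        print("static route=%s, WAN rule=%s -> %s" % (static, wan, check(static, wan)))
```

Running it shows the three states a practitioner would want to recognise: without the static route the packet from Server A goes out the physical pfSense's default route and never reaches the virtual LAN; with the route but no WAN rule it is dropped on the virtual pfSense's WAN; with both it is delivered, yet the reply from Server B is handed straight to Server A by the virtual pfSense (which is directly attached to the physical LAN) and never passes the physical pfSense, so the physical firewall only ever sees half the flow.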

