How-to?? No NAT, No Packet Filter, + with Shaping.

far182 · Oct 8, 2008, 9:07 PM

I am having an issue. I setup my PFsesnse like this:

<<internet>> <(66.92.200.1)<sonicwall>(10.3.1.1)> <(10.3.1.2)<pfsense>192.168.1.1> <<lan>>

I want to setup the PFSense to just be a router with traffic shaping. I already am experienced with PFSense and shaping and have many deployments. The problem I have is that when I go to system/advanced/Traffic Shaper and Firewall Advanced/Disable Firewall, and enable "disable all packet filtering", this makes it so the shaper doesn't work. If I leave it so that packet filtering is enabled then I end up double-natting (Sonicwall needs to NAT).

Anyone done this and know what todo? I am in a real jam as I expected this to work and I need to get it working ASAP.

Thanks!</lan></pfsense></sonicwall></internet>

far182 · Oct 9, 2008, 1:13 AM

(answering my own question)

Ok, for those who need the solution to this as well. What you do is create a * * filter rule in the firewall. Both on WAN and LAN. Then, you turn on advanced NAT. When advanced NAT gets turned on, it created a default rule. Delete this rule. At this point you have a router that isn't firewalling that is NOT natting. Then go ahead and apply your traffic shaping like you normally would.

far182 · Oct 10, 2008, 1:31 AM

Well, it seems I found a major bug in PFsesnse. In this configuration EVERYTHING worked except Microsoft Active Directory Group Policies. I have no idea why and I spent almost 7 hours troubleshooting it. Had to remove the PFSense box out. Now back to the crappy shaper in Sonicwall. :(

eri-- · Oct 10, 2008, 6:26 AM

Probably multicast issue, you have to allow that in the firewall.