How-to?? No NAT, No Packet Filter, + with Shaping.
-
I am having an issue. I set up my PFSense like this:
<<internet>> <(66.92.200.1)<sonicwall>(10.3.1.1)> <(10.3.1.2)<pfsense>192.168.1.1> <<lan>>
I want to set up the PFSense to just be a router with traffic shaping. I already am experienced with PFSense and shaping and have many deployments. The problem I have is that when I go to system/advanced/Traffic Shaper and Firewall Advanced/Disable Firewall, and enable "disable all packet filtering", this makes it so the shaper doesn't work. If I leave it so that packet filtering is enabled then I end up double-natting (Sonicwall needs to NAT).
Anyone done this and know what to do? I am in a real jam as I expected this to work and I need to get it working ASAP.
Thanks!
-
(answering my own question)
Ok, for those who need the solution to this as well. What you do is create a * * filter rule in the firewall. Both on WAN and LAN. Then, you turn on advanced NAT. When advanced NAT gets turned on, it creates a default rule. Delete this rule. At this point you have a router that isn't firewalling that is NOT natting. Then go ahead and apply your traffic shaping like you normally would.
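
The setup described in the post above, sketched as a plain FreeBSD pf.conf fragment (an added example, not part of the original thread and not the ruleset pfSense generates). Interface names, bandwidth figures, queue names and the example port are assumptions. It shows why the packet filter has to stay enabled: ALTQ queues are assigned by pf pass rules, so with pf disabled nothing puts packets into a queue.

```pf
# Constructed illustration; em0/em1, 5Mb, queue names and port 21 are assumed.
wan_if = "em0"   # 10.3.1.2, faces the Sonicwall (10.3.1.1)
lan_if = "em1"   # 192.168.1.1, faces the LAN

# --- Queueing: ALTQ on the interface toward the Sonicwall ---
altq on $wan_if hfsc bandwidth 5Mb queue { q_default, q_bulk }
queue q_default bandwidth 80% hfsc(default)
queue q_bulk    bandwidth 20% hfsc(upperlimit 20%)

# --- Translation: intentionally empty ---
# No "nat on $wan_if ..." line, which is the state reached by enabling
# advanced outbound NAT and deleting the auto-created rule. LAN hosts keep
# their 192.168.1.x source addresses and the Sonicwall does the only NAT.
# The Sonicwall therefore needs a route to the LAN subnet via 10.3.1.2.

# --- Filtering: pass everything, but pf itself stays on ---
# The "* *" rules on WAN and LAN. This box no longer filters anything, so
# all access control is left to the Sonicwall.
pass in  on $wan_if all
pass in  on $lan_if all
pass out on $lan_if all

# Outbound rules are where the shaper attaches: the "queue" keyword on a
# pass rule is what assigns traffic to an ALTQ queue (last match wins).
pass out on $wan_if all queue q_default
pass out on $wan_if proto tcp to any port 21 queue q_bulk
```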
-
Well, it seems I found a major bug in PFSense. In this configuration EVERYTHING worked except Microsoft Active Directory Group Policies. I have no idea why and I spent almost 7 hours troubleshooting it. Had to take the PFSense box out. Now back to the crappy shaper in Sonicwall. :(
-
Probably a multicast issue, you have to allow that in the firewall.