Netgate Discussion Forum

    NAT from one pfsense to other in LAN

    • G
      gbnfyyz1712

      Hi!
      I have a LAN with mask 192.168.1.0/255
      The pfsense1 has IP address 192.168.1.2
      The pfsense2 has IP address 192.168.1.3

      I need to redirect clients in the LAN with IP addresses 192.168.1.100-192.168.1.105 that request port 3128 of pfsense1 (192.168.1.2) to port 3128 of pfsense2 (192.168.1.3).

      So I made the following setting in the Firewall->NAT section:

      When clients request some outbound resource directly through pfsense1 or pfsense2, they receive a response.
      But when clients send requests to pfsense1 with NAT set on it to pfsense2, there is no response. Unfortunately, I can't find any answer to solve the problem in the Firewall or Squid logs.
      May I get any suggestions from people more qualified than I :)?

      • johnpozJ
        johnpoz LAYER 8 Global Moderator

        For what possible reason could you want/need to do this… So your 2nd pfsense is another internet connection? Why would you not just use policy routing off your 1st pfsense with 2 internet connections to have your list of users use a specific internet?

        Why would you not just point these clients to the proxy running on pfsense 2 directly??

        Like to help but as you have described what you're doing - sounds completely borked..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • G
          gbnfyyz1712

          Thanks for your reply. The reason I used two pfsenses with two different WANs comes down to the technical possibilities to add one more ethernet adapter for one of pfsenses.
          I used the second pfsense as a backup channel, and such a scheme satisfies my needs.
          But sometimes I need to redirect the group of clients on the fly. And if I use proxy.pac to change the proxy, sometimes the client needs to reload the browser, so this way does not satisfy me.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator

            "technical possibilities to add one more ethernet adapter for one of pfsenses. "

            Can you not just share the 1 physical interface of wan interface on pfsense with vlans?

            In your scenario where you port forward like that.. Your client would think it's talking to proxy X at IP X.. But it would get an answer from proxy Y at IP Y.. Most clients would not like that ;) And would ignore any such reply.

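johnpoz's point above, as an added example that is not part of the original thread: a Python simulation using the thread's addresses, in which client source port 50000 and all class and function names are constructed. It goes one step beyond the thread by also showing that the reply is accepted when pfsense1 rewrites the source address too, so the answer returns through it (general NAT behaviour, not something suggested in the thread).

```python
"""Added illustration: why a same-subnet port forward breaks the TCP handshake."""
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

PFSENSE1, PFSENSE2 = "192.168.1.2", "192.168.1.3"  # addresses from the thread
CLIENT, PROXY_PORT = "192.168.1.100", 3128         # one client from the thread's range

class Client:
    """Minimal TCP endpoint: accepts only segments that match an open 4-tuple."""
    def __init__(self, ip):
        self.ip = ip
        self.conns = set()  # (local ip, local port, remote ip, remote port)

    def connect(self, dst, dport, sport=50000):  # sport is a constructed value
        self.conns.add((self.ip, sport, dst, dport))
        return Packet(self.ip, sport, dst, dport, "SYN")

    def receive(self, pkt):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accepted" if key in self.conns else "rejected (no matching connection)"

def port_forward(pkt, rewrite_source):
    """pfsense1: rewrite the destination to pfsense2, optionally the source as well."""
    state = {"orig_src": pkt.src, "orig_dst": pkt.dst}
    src = PFSENSE1 if rewrite_source else pkt.src
    return pkt._replace(src=src, dst=PFSENSE2), state

def proxy_reply(pkt):
    """The proxy on pfsense2 answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, "SYN-ACK")

def simulate(rewrite_source):
    """Return (source IP the client sees on the reply, client's verdict)."""
    client = Client(CLIENT)
    syn = client.connect(PFSENSE1, PROXY_PORT)
    forwarded, state = port_forward(syn, rewrite_source)
    reply = proxy_reply(forwarded)
    if reply.dst == PFSENSE1:
        # Reply comes back through pfsense1, whose state entry undoes both rewrites.
        reply = reply._replace(src=state["orig_dst"], dst=state["orig_src"])
    # Otherwise pfsense2 sits on the same LAN and answers the client directly.
    return reply.src, client.receive(reply)

if __name__ == "__main__":
    print("destination rewrite only:", simulate(False))
    print("destination + source rewrite:", simulate(True))
```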
            • G
              gbnfyyz1712

              If I understand you right, you recommend creating a vlan between the pfsenses and using one of them (let it be pfsense1) as the wan connection and the other (pfsense2) as the client.
              Then create a multiwan connection on pfsense2 to use wan2 and the vlan on it as wan connections.

              wan1->pfsense1
                                |
                              vlan
                                |
              wan2->multiwan->pfsense2->clients

              Am I correct in my opinions?

              • johnpozJ
                johnpoz LAYER 8 Global Moderator

                No there is no reason for 2nd pfsense.. Just connect your 2nd wan to the 1st pfsense via a vlan on the wan interface..

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.