UDP SNMP monitoring of devices via pfSense NAT



  • In our setup I have a series of devices that are on separate VLANs / interfaces, accessible to me via NAT rules. The devices in question are only accessible via UDP for SNMP traffic. I've been scratching my head trying to work out how to get NAT working in this setup:

    Monitoring workstation on LAN (10.0.0.1/24)  ---->    pfSense (10.0.0.254/24) NAT  ---->    Monitored device VLAN101 (10.1.0.1/29)
    Monitoring workstation on LAN (10.0.0.1/24)  ---->    pfSense (10.0.0.254/24) NAT  ---->    Monitored device VLAN102 (10.1.0.2/29)
    Monitoring workstation on LAN (10.0.0.1/24)  ---->    pfSense (10.0.0.254/24) NAT  ---->    Monitored device VLAN103 (10.1.0.3/29)

    etc...

    Should this setup be possible? Hoping someone can shed some pearls of wisdom or point me in the direction of pertinent documentation or some troubleshooting / investigation recommendations.

    Thanks


  • Rebel Alliance Developer Netgate

    If they are both local, why do you need NAT? Just craft proper firewall rules and they can route directly.

    Otherwise you'll either have to set up multiple VIPs on pfSense so you can do 1:1 NAT -or- you'll need to map each monitored device to a different SNMP port. That may only work if your monitoring system lets you specify the SNMP port for a monitored host.
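
The second option from the reply above (one forwarded UDP port per monitored device), sketched as an added example that is not part of the original thread. The base port 10161, the device names and the `LAN_IF` interface placeholder are assumptions; the rules are written in pf `rdr` syntax for illustration (on pfSense they would be entered as port forwards in the GUI), and each rule is limited to the monitoring workstation as its only source.

```python
import ipaddress

SNMP_PORT = 161  # standard SNMP agent port on each monitored device


def build_port_map(firewall_ip, monitor_ip, devices, base_port=10161, lan_if="LAN_IF"):
    """Assign one unique UDP port on the firewall's LAN address per device.

    Returns a list of dicts holding an illustrative pf redirect rule and the
    net-snmp style target (udp:host:port) the monitoring system would poll.
    base_port and lan_if are assumed values, not taken from the thread.
    """
    fw = ipaddress.ip_address(firewall_ip)
    mon = ipaddress.ip_address(monitor_ip)
    seen = set()
    plan = []
    for offset, (name, addr) in enumerate(devices):
        dev = ipaddress.ip_address(addr)  # rejects malformed addresses
        if dev in seen:
            raise ValueError(f"duplicate device address {dev}")
        seen.add(dev)
        ext_port = base_port + offset
        if not 1024 <= ext_port <= 65535:
            raise ValueError(f"external port {ext_port} out of range")
        plan.append({
            "name": name,
            # Source restricted to the monitoring workstation only.
            "rdr": (f"rdr on {lan_if} inet proto udp from {mon} to {fw} "
                    f"port {ext_port} -> {dev} port {SNMP_PORT}"),
            "target": f"udp:{fw}:{ext_port}",
        })
    return plan


# Constructed sample input using the addresses from the question.
DEVICES = [
    ("vlan101-device", "10.1.0.1"),
    ("vlan102-device", "10.1.0.2"),
    ("vlan103-device", "10.1.0.3"),
]

if __name__ == "__main__":
    for entry in build_port_map("10.0.0.254", "10.0.0.1", DEVICES):
        print(f"{entry['name']}: poll {entry['target']}")
        print(f"  {entry['rdr']}")
```

The monitoring system then polls each `target` instead of the device address, which is why it must allow a per-host SNMP port.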