Strange Question about NAT



  • Hi all,

    My pfSense has one WAN IP (192.168.211.1/24) and one LAN IP (192.168.1.1/24). I need to install an external package for my pfSense. Therefore I need to configure my WAN to use my public IP pool address, for example:

    OutBound NAT

    Interface  Source  Source Port  Destination  Destination Port  NAT Address  NAT Port
    WAN        any     *            *            *                 202.x.x.x    *

    I tried to ping 8.8.8.8 from my pfSense; my pfSense can receive a reply from 8.8.8.8 once. After checking the Wireshark log, the pfSense uses the WAN interface IP to send the echo request to 8.8.8.8 the next time (please refer to my attachment). Please teach me how to solve the above issue.

    Thanks.



  • Have you disabled the firewall?


  • Rebel Alliance Global Moderator

    If your WAN address is RFC1918 as you posted, how the F do you think you could have some public IP address in its NAT??  Come on people, think for 2 freaking seconds!!



  • You have the WAN NATted to a static IP in the outbound? But you have a private non-routable IP as the WAN IP?  :o



  • I "think" what's happening, because it happened to me, is that the "WAN router" they have is actually like one of those all-in-one devices from an ISP. Those have their own DHCP server, and WiFi and such. In order to fix the WAN IP problem on mine (AT&T all-in-one) I went into the all-in-one and told it to pass through the WAN IP to the interface that my pfSense WAN was plugged into. This takes the all-in-one type device out of the equation and turns it into a typical modem. However, you do need to provide your own WiFi as that device can no longer provide it. Essentially, turn all its extra crap off, DHCP, WiFi, DNS, etc., and force it into a typical modem configuration.

    However, if you REALLY want to make it work, you have to do a double-hop NAT: basically, toy around with the NAT on your all-in-one until you get it forwarding all ports and such to the pfSense WAN IP. It's a pain and can be a troubleshooting nightmare; I suggest the passthru interface method above.



  • The "passthrough" is more commonly known as a bridged interface, where the WAN network segment and the LAN become a single logical network segment, allowing the LAN clients to use the ISP's DHCP directly. Many modems/routers do support it, and some of the solutions are per port as you described, implemented with an integrated VLAN-capable switch.



  • @tomli:

    Hi all,

    My pfSense has one WAN IP (192.168.211.1/24) and one LAN IP (192.168.1.1/24). I need to install an external package for my pfSense. Therefore I need to configure my WAN to use my public IP pool address, for example:

    OutBound NAT

    You don't need to configure NAT to be able to install external packages. Having a correct IP configuration on the WAN interface is more than enough for the underlying software to connect to the package repo - it will just use your WAN interface to do the job.
    NAT is needed only for your client machines behind pfSense, i.e. on the LAN interface.