Netgate Discussion Forum

    Nat 1:1 wan from vlan

    • Q
      qzvt

      Hi There,

      I have 2 vlans, 10 for guest and 20 for staff.

      vlan10 10.10.1.1/24
      vlan20 10.20.1.1/24

      (VM Guest)
        firewall 10.10.10.2 <---> 10.10.10.1 (wan) pfSense (lan) 10.30.1.1/24 <---> switch <---> access point(Guest) vlan10
              |                                                                                                                    |<---> access point(Staff) vlan20
              |---> ADs 192.168.1.0/24

      With this configuration it works, but when vlan 20 authenticates to the ADs, the event log shows only the IP of the pfSense WAN interface. Is it possible to get the real IP from any of the VLANs?

      Thanks in advance.

      • V
        viragomann

        What has this to do with NAT 1:1? Have you set up any?

        If you haven't, to get the origin source IP at the destination host on the WAN side, turn off Outbound NAT: Firewall > NAT > Outbound
        However, if you do that you have to add routes for the networks behind pfSense to the firewall in front.

        Another option is to set the Outbound NAT to hybrid or manual mode and add a rule to the WAN interface with destination = ADs 192.168.1.0/24 and check "Do not NAT".

        • Q
          qzvt

          Hi Viragomann,

          I have no 1:1 NAT now. I followed your suggestion, set it to hybrid and created a no-NAT rule on WAN. Now my client can access the internet but cannot access 192.168.1.0/24. Do you have any idea?

          I looked at System Logs -> Firewall and there wasn't any log entry from my ping test.

          Thanks in advance.

          • V
            viragomann

            You'll also need routes to get it to work. As you want to see the origin IPs (no NAT), routes are necessary to direct the packets to the right device.

            Assuming pfSense is the default gateway for the networks behind it and the firewall in front (10.10.10.2) is the default gateway in 192.168.1.0/24 and on pfSense, you need to add static routes for the network behind pfSense to the front firewall pointing to 10.10.10.1.

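The three states discussed in this thread (default outbound NAT, "Do not NAT" without routes, "Do not NAT" with static routes), modelled as an added example that is not part of any post and is not pfSense code. The client 10.20.1.50, the AD host 192.168.1.10, the front firewall's "upstream" default route and all function names are assumptions.

```python
import ipaddress

PFSENSE_WAN = "10.10.10.1"                       # pfSense WAN address from the thread
AD_NET = ipaddress.ip_network("192.168.1.0/24")  # AD network from the thread

def source_seen_by_ad(client_ip, dst_ip, no_nat_nets):
    """Source address the destination host logs after pfSense outbound NAT."""
    dst = ipaddress.ip_address(dst_ip)
    if any(dst in net for net in no_nat_nets):
        return client_ip       # "Do not NAT" rule matched: original IP is kept
    return PFSENSE_WAN         # default outbound NAT: rewritten to the WAN address

def next_hop(routes, dst_ip):
    """Longest-prefix-match lookup in the front firewall's routing table."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def simulate(client_ip, ad_ip, no_nat_nets, front_fw_routes):
    """Return (IP in the AD event log, reply next hop, reply reaches pfSense)."""
    seen = source_seen_by_ad(client_ip, ad_ip, no_nat_nets)
    hop = next_hop(front_fw_routes, seen)  # the reply is sent to the logged IP
    reply_ok = seen == PFSENSE_WAN or hop == PFSENSE_WAN
    return seen, hop, reply_ok

def net(cidr):
    return ipaddress.ip_network(cidr)

# Front firewall (10.10.10.2) routing table; the "upstream" default is assumed.
BASE_ROUTES = [
    (net("0.0.0.0/0"), "upstream"),
    (net("10.10.10.0/24"), "direct"),
    (net("192.168.1.0/24"), "direct"),
]
# Static routes for the networks behind pfSense, pointing to its WAN address.
STATIC_ROUTES = [(net(n), PFSENSE_WAN)
                 for n in ("10.10.1.0/24", "10.20.1.0/24", "10.30.1.0/24")]

CLIENT, AD_HOST = "10.20.1.50", "192.168.1.10"   # constructed sample hosts

if __name__ == "__main__":
    cases = {
        "NAT, no static routes": ([], BASE_ROUTES),
        "no NAT, no static routes": ([AD_NET], BASE_ROUTES),
        "no NAT, static routes": ([AD_NET], BASE_ROUTES + STATIC_ROUTES),
    }
    for name, (no_nat, routes) in cases.items():
        print(name, simulate(CLIENT, AD_HOST, no_nat, routes))
```

The middle case is the state where the AD host would log the real client address but its reply follows the front firewall's default route instead of returning to pfSense.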