Nat 1:1 wan from vlan



  • Hi There,

    I have 2 vlans, 10 for guest and 20 for staff.

    vlan10 10.10.1.1/24
    vlan20 10.20.1.1/24

    (VM Guest)
      firewall 10.10.10.2 <---> 10.10.10.1 (wan) pfSense (lan) 10.30.1.1/24 <---> switch <---> access point (Guest) vlan10
            |                                                                            |<---> access point (Staff) vlan20
            |---> ADs 192.168.1.0/24

    With this configuration it works, but when VLAN 20 has authenticated to the ADs, the event log shows only the IP of the WAN interface of pfSense. Is it possible to get the real IP from any VLAN side?

    Thanks in advance.



  • What has this to do with NAT 1:1? Have you set up any?

    If you haven't, to get the original source IP at the destination host on the WAN side, turn off Outbound NAT: Firewall > NAT > Outbound.
    However, if you do that you have to add routes for the networks behind pfSense to the firewall in front.

    Another option is to set the Outbound NAT to hybrid or manual mode and add a rule to the WAN interface with destination = ADs 192.168.1.0/24 and check "Do not NAT".



  • Hi Viragomann,

    I have no NAT 1:1. Now I have changed the setting as you mentioned, to hybrid, and created a WAN "no NAT" rule. So my clients can access the internet but cannot access 192.168.1.0/24. Have you any idea?

    I looked at the system logs -> firewall; there was no log from my ping test.

    Thanks in advance.



  • You'll also need routes to get it working. As you want to see the origin IPs (not NAT), routes are necessary to direct the packets back to the right device.

    Assuming pfSense is the default gateway for the networks behind it and the firewall in front (10.10.10.2) is the default gateway in 192.168.1.0/24 and on pfSense, you need to add static routes for the network behind pfSense to the front firewall pointing to 10.10.10.1.
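As an added illustration of the two replies above (the "Do not NAT" rule and the static routes on the front firewall), not part of the thread or of pfSense itself: a small Python model of what the AD host sees as the source address and whether its reply can get back to the VLAN. The addresses are the ones quoted in the thread; the rule handling is a simplified model of pfSense's automatic versus hybrid outbound NAT, and the front-firewall routing table is a constructed example.

```python
from ipaddress import ip_address, ip_network

# Addresses from the thread: pfSense WAN, the two VLANs behind it, the AD network.
WAN_IP = ip_address("10.10.10.1")
VLAN_NETS = [ip_network("10.10.1.0/24"), ip_network("10.20.1.0/24")]
AD_NET = ip_network("192.168.1.0/24")

# "Do not NAT" outbound rules on the WAN interface: (source network, destination network)
NO_NAT_RULES = [(net, AD_NET) for net in VLAN_NETS]


def source_seen_by_ad(src, dst, outbound_mode):
    """Source address the AD host logs for a packet src -> dst leaving via WAN.

    'automatic': every LAN source is translated to the WAN address.
    'hybrid':    manual rules (here the 'Do not NAT' rules) are checked before
                 the automatic translation, so a match leaves the source untouched.
    """
    src, dst = ip_address(src), ip_address(dst)
    if outbound_mode == "hybrid":
        for src_net, dst_net in NO_NAT_RULES:
            if src in src_net and dst in dst_net:
                return src  # packet leaves untranslated
    return WAN_IP  # translated to the WAN address


def reply_reaches_vlan(reply_dst, front_fw_routes):
    """Can the front firewall (default gateway of 192.168.1.0/24) forward the
    reply to an untranslated VLAN address? front_fw_routes maps a network
    string to its next-hop string (constructed static-route table)."""
    reply_dst = ip_address(reply_dst)
    for net, next_hop in front_fw_routes.items():
        if reply_dst in ip_network(net):
            return ip_address(next_hop) == WAN_IP  # must point back at pfSense
    return False  # no route: the reply is dropped, so the ping silently fails


def ping_works(src, dst, outbound_mode, front_fw_routes):
    """End-to-end check: does the echo reply make it back to the VLAN client?"""
    seen = source_seen_by_ad(src, dst, outbound_mode)
    if seen == WAN_IP:
        return True  # reply goes to pfSense's WAN address, which un-NATs it
    return reply_reaches_vlan(seen, front_fw_routes)
```

The hybrid mode without routes reproduces the symptom in the thread: the AD host sees the real VLAN address, but its reply has nowhere to go, so the client never gets an answer and pfSense logs nothing.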