    I have 2 VLANs, 10 for guest and 20 for staff.


    (VM Guest)
      firewall <---> (wan) pfSense (lan) <---> switch <---> access point(Guest) vlan10
            |                                         |<---> access point(Staff) vlan20
            |---> ADs

    With this configuration it works, but when VLAN 20 clients authenticate to the ADs, the event log shows only the IP of the WAN interface of pfSense. Is it possible to get the real IP from the VLAN side?

  • What has this to do with NAT 1:1? Have you set up any?

    If you haven't, then to get the original source IP at the destination host on the WAN side, turn off Outbound NAT (Firewall > NAT > Outbound).
    However, if you do that, you have to add routes for the networks behind pfSense to the firewall in front.

    Another option is to set the Outbound NAT to hybrid or manual mode and add a rule on the WAN interface with destination = ADs and check "Do not NAT".

    I have no NAT 1:1. Now I have set it to hybrid as you mentioned and created a WAN no-NAT rule. So my client can access the internet but cannot access to
    Have you any idea?

    Looking at System Logs -> Firewall, there isn't any log from my ping test.

  • You'll also need routes to get it to work. As you want to see the original IPs (not NATed), routes are necessary to direct the packets to the right device.

    Assuming pfSense is the default gateway for the networks behind it and the firewall in front ( is the default gateway in and on pfSense, you need to add static routes for the network behind pfSense to the front firewall pointing to
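    The two steps above (the "Do not NAT" rule for traffic to the ADs, plus the static route on the front firewall) written out as a pf.conf fragment, so the rule ordering is visible. This is an added example, not part of the thread and not pfSense's own generated ruleset; the interface name, the VLAN subnets, the AD server addresses and the pfSense WAN address are all assumed, and pfSense itself only needs the GUI rule described above.

```pf
# Added example (not from the thread): pf translation rules equivalent to
# Hybrid Outbound NAT with one manual "Do not NAT" rule on WAN.
# Every name and address below is an assumption for illustration.
wan_if    = "em0"                          # pfSense WAN interface (assumed)
staff_net = "192.168.20.0/24"              # VLAN 20, staff (assumed)
guest_net = "192.168.10.0/24"              # VLAN 10, guest (assumed)
ads       = "{ 10.0.0.10, 10.0.0.11 }"     # AD servers behind the front firewall (assumed)

# pf applies the FIRST matching translation rule, and in Hybrid mode pfSense
# evaluates the manual rules before the automatic ones. So the "Do not NAT"
# rule has to come first; it matches only staff traffic to the ADs, which then
# leaves WAN with its original 192.168.20.x source address.
no nat on $wan_if from $staff_net to $ads

# Automatic outbound NAT (what pfSense generates by itself): everything else,
# including the guest VLAN and staff traffic to the internet, is still
# translated to the WAN address, so the clients keep internet access.
nat on $wan_if from $staff_net to any -> ($wan_if)
nat on $wan_if from $guest_net to any -> ($wan_if)

# Step two happens on the firewall in front, not on pfSense. The ADs send
# their replies to their default gateway (the front firewall), which must know
# that 192.168.20.0/24 lives behind pfSense's WAN address; without that route
# the replies follow the default route and the ping never comes back.
# On a BSD/pf host the route would be (pfSense WAN IP 203.0.113.2 assumed):
#   route add -net 192.168.20.0/24 203.0.113.2
```

    To check which step is broken, capture on the pfSense WAN interface while pinging an AD server from a staff client, e.g. `tcpdump -ni em0 host 10.0.0.10 and icmp` (names assumed as above): with the no-NAT rule in place the echo requests should leave with the 192.168.20.x source, and if no echo replies come back, the missing piece is the route on the front firewall. Note that the pfSense firewall log only records blocked packets by default, so an empty System Logs -> Firewall view does not mean the pings were dropped by pfSense.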

