How does PFsense rewrite NAT IPs (or port forwarding/1:1 NAT problem)

  • Hihi

    My problem in a nutshell:

    When I do a port redirect or 1:1 NAT and try to use it, the return (source) address does not get rewritten.

    I would presume that when a packet comes from the WAN and gets passed on to the LAN, the source IP would be the PFsense LAN IP and not the original WAN IP.

    LAN firewall/vpn ---+-----> default gateway (dedicated line)
                        |
                        +-----> pfLan [PFsense] pfWan  ---- line1
                                                pfOpt1 ---- line2
                                                pfOpt2 ---- line3

    So if I do a 1:1 NAT on line1 to our other firewall/vpn, the packet gets to the firewall, but the packet source is still the original real-world IP on the Internet. It thus gets routed over the other default gateway and not the same route the packet was received on, and does not work.

    Am I missing some setting that I need to enable to get this working?

  • This is how NAT works.
    What you want is source NAT.

    This came up once and I suggested enabling Advanced outbound NAT and NAT-ing from the WAN to the LAN.
    However, I never got feedback on whether that worked
    (it was just an idea; I never actually tried it).
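    The source-NAT idea from the reply, spelled out in FreeBSD pf syntax (the packet filter underneath pfSense) as an added illustration. This is neither the poster's configuration nor the ruleset pfSense generates; the interface names, addresses and the forwarded port are assumptions chosen to match the diagram above.

```pf
# Added illustration in FreeBSD pf syntax. Interface names, addresses and
# the forwarded port are assumptions, not the poster's real setup.
wan    = "em0"             # pfWan, line1
lan    = "em1"             # pfLan, toward the LAN firewall/vpn
wan_ip = "203.0.113.10"    # public address on line1
srv    = "192.168.1.10"    # inside host reached via the LAN firewall/vpn

# What a port forward does on its own: only the DESTINATION is rewritten
# on the way in. The packet still carries the Internet client's real
# source address when it leaves pfSense on $lan.
rdr on $wan proto tcp from any to $wan_ip port 443 -> $srv port 443

# A 1:1 NAT instead of the port redirect has the same property; inbound
# binat is checked before rdr, so use one or the other for a given host:
# binat on $wan from $srv to any -> $wan_ip

# Because the source is unchanged, $srv (or the LAN firewall in front of it)
# answers via its own default route, the dedicated line, and the reply never
# comes back through pfSense. Source NAT on the LAN side fixes that: traffic
# leaving $lan toward $srv gets pfSense's LAN address as its source, so the
# reply is addressed to pfSense, which reverses both translations and sends
# it back out line1. ($lan) means "whatever address $lan currently has".
nat on $lan from any to $srv -> ($lan)

# Filter rules match the post-translation destination, because pf evaluates
# translation before filtering for inbound packets.
pass in quick on $wan proto tcp from any to $srv port 443 keep state
```

    In the pfSense GUI the `nat on $lan` line corresponds to an outbound NAT rule on the LAN interface with the forwarded host as destination (the "Advanced outbound NAT" of older releases; Manual or Hybrid Outbound NAT in current ones). The trade-off to keep in mind: the inside host, and anything logging or rate-limiting on it, now sees pfSense's LAN address instead of the real client address, so keep the rule scoped to the forwarded host rather than applying it to all LAN-bound traffic.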

