Netgate Discussion Forum

    LAN > NAT to WAN gateway IP > routed IP subnet. What have I missed?

      webstaff

      Hopefully this is something simple I've missed, but I cannot figure out what I'm missing.

      Here is the setup I'm struggling with:

      We have a 1Gbps fibre link inbound.

      With that we get a public /30, and we then have a routed /25 to our address in the /30. We've split that /25 range into a mix of smaller subnets, which we have then allocated for different services. One of those is a /27 we've allocated to an interface for DHCP allocation, with static mappings for some other tenants of the building we're in, with no NAT and their own router.

      Everything else is then NAT'd. We've got a local office private /24, another /24 for some old servers with some 1:1 NATs and other services NAT'd in, and we also route a /28 subnet of that /25 we split back to one of our clients we're allocating from the /27.

      Everything works as expected, but I've always had an issue with pfSense routing traffic from our private LAN range to that public /27 as a local route and not via the public address /30 we NAT out of. So I am trying to make it so that the traffic from our private /24 goes out via the public /30 and back in, so the clients in the /27 see the connection from our public NAT'd address and not our local range.

      I've had a play about with trying to get it working, but I cannot figure out where I'm going wrong. In the Admin guide it says:

      Traffic will flow from LAN to this public subnet by default without NAT. If this behavior is not desired, adjust the LAN firewall and NAT rules accordingly. Additionally, policy routing may need to be bypassed to allow from LAN to this interface.

      Now I've tried specific NAT rules from LAN to the /27 IP block going via the /30 WAN address we use, and I've also tried messing with custom LAN firewall rules, to no joy.

      The only thing I can get it to do is go via the LAN's gateway address straight to the IP address in the /27. Any time I try to force it via any of the public IPs as a NAT'd connection, it just stops at pfSense.

      Interfaces
      WAN           > x.x.x.28/30        x.x.x.128/25 > routed to .30 on the WAN /30 and then split on pfSense
      LAN           > 10.100.0.0/24      NAT out via .30 on the WAN
      Server LAN    > 10.50.0.0/24       NAT out fixed.
      Client Public > 62.254.31.224/27   No NAT
      All gateways first IP in range.

      So how do I make it work? :) I want it to go LAN > NAT to WAN gateway IP > IP in /27, but I'm really struggling to route the traffic where I want.

      Any thoughts / suggestions?

      Best Regards
      Dave

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.