Outbound NAT: Disable NAT for specific host
-
Hey guys,
I would like to disable NAT for a specific Host. I´ve got an PBX (192.168.50.1) without any STUN functionality in front of the pfSense (192.168.100.1) . When my ip phone (192.168.100.50) is registered, the PBX wants to connect on the pfSense (192.168.100.1) IP. So the solutions would be, to disable NAT for my ip phone. Adding a NAT rule to redirect traffic won´t work, later there should be mutliple ip phones in the network 192.168.100.0/24. I´ve tried the following:
1.) Changed outbound NAT mode to "Hybrid Outbound NAT rule generation"
2.) Added a manual mapping
Do not NAT: Enabled
Interface: WAN
Protocol: any
Source: 192.168.100.50
Destination: 192.168.50.1Notice:
There are multiple gateways for network traffic (Load balanced with failover).Excuse my bad engish ;-)
-
Why would you be natting rfc1918 to rfc1918 in the first place for ANY device? Sure ok pfsense is a downstream firewall/router in your rfc1918 networks.
Why would you nat these? Nat should happen at the edge when you change these rfc1918 to public.. Do you have overlapping rfc1918 networks?
-
The pfSense is right behind the provider router (192.168.50.1 PBX and provider router). I didn´t thought about disabling NAT completely.
I´ve got no overlapping rfc1918 networks.
Do I have to consider anything when disabling NAT?
I know the doc: https://www.netgate.com/docs/pfsense/nat/outbound-nat.html#pfsense-2-2-and-later -
yeah you have to consider that the router upstream will allow the downstream networks and has route to get to them.
Sounds more like you want this device to actually be on the 192.168.50 network vs any sort of routing. You can not put the same network on both sides of pfsense. Unless you were going to use it as a transparent bridge..
-
I don´t want to make a transparent bridge and won´t use the same network on both sides. So I try to add some static routes on both sides and disable the NAT functionality.