Netgate Discussion Forum
    NAT on "LAN" interface

    Ahira (last edited by Ahira):

      Hello everyone,

      Got an interesting scenario that I just can't figure out. The TL;DR is I need one of the LAN ports of the pfSense to act as a WAN port to a downstream firewall. So:

      ISP 2.x.x.x
      |
      |
      pfSense WAN 2.x.x.251
      |
      |
      pfSense LAN2 10.10.10.1
      |
      |
      3rd party Firewall WAN 10.10.10.101
      |
      3rd party Firewall LAN 172.16.0.1
      |
      Client 172.16.0.x

      The client can't reach any IP beyond 172.16.0.1, which is the inside interface of the 3rd party FW. The FW itself can ping all the way to the internet, as can any client I place on the LAN2 interface. In the pfSense log, I see the FW dropping all the "NATed" packets. So for example 10.10.10.101 to 8.8.8.8 is dropped. Now this packet was not initiated by the 3rd party FW, but by the client behind it (PAT is configured on the 3rd FW outside int).

      I've configured wide-open "any/any" rules. I've also confirmed this is only happening for packets that are translated by the 3rd FW.

      Any ideas? TIA!

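      The check the post describes (are the blocks on LAN2 coming only from the downstream firewall's WAN address, i.e. only its translated traffic?) can be run over the pfSense filter log. The following is an added example, not code from the post or from pfSense; it assumes the filterlog CSV column layout for IPv4 (common columns, then IPv4 columns, then the first three TCP/UDP columns), that LAN2 is interface igb1, and uses constructed log lines.

```python
import csv
from collections import Counter

# Column layout of the pfSense filterlog CSV (syslog prefix already stripped), IPv4 only.
COMMON = ["rulenr", "subrulenr", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags",
        "protoid", "proto", "length", "src", "dst"]
L4 = ["srcport", "dstport", "datalen"]  # first three TCP/UDP columns

# Constructed sample lines (not from the original post): LAN2 is igb1,
# 10.10.10.101 is the downstream firewall's WAN, 10.10.10.50 a test client on LAN2.
SAMPLE_LOG = [
    "5,,,1000000103,igb1,match,block,in,4,0x0,,64,1,0,DF,17,udp,61,10.10.10.101,8.8.8.8,51515,53,41",
    "5,,,1000000103,igb1,match,block,in,4,0x0,,64,2,0,DF,6,tcp,60,10.10.10.101,1.1.1.1,40000,443,0",
    "7,,,1000000110,igb1,match,pass,in,4,0x0,,64,3,0,DF,17,udp,61,10.10.10.50,8.8.8.8,40001,53,41",
    "7,,,1000000110,igb1,match,pass,in,4,0x0,,64,4,0,DF,1,icmp,84,10.10.10.101,8.8.8.8,request,1234,1",
    "5,,,1000000103,igb1,match,block,in,4,0x0,,64,5,0,DF,6,tcp,60,10.10.10.101,8.8.4.4,40002,53,0",
]


def parse_line(line):
    """Return a dict for an IPv4 filterlog line, or None for anything else."""
    cols = next(csv.reader([line]))
    if len(cols) < len(COMMON) + len(IPV4) or cols[8] != "4":
        return None
    rec = dict(zip(COMMON + IPV4, cols))
    if rec["proto"] in ("tcp", "udp"):
        rec.update(zip(L4, cols[len(COMMON) + len(IPV4):]))
    return rec


def blocks_by_source(lines, interface):
    """Count blocked packets per source IP seen on one interface."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["interface"] == interface and rec["action"] == "block":
            counts[rec["src"]] += 1
    return counts


def only_downstream_blocked(lines, interface, downstream_wan):
    """True when every block on the interface comes from the downstream
    firewall's WAN address, i.e. only its translated traffic is being dropped."""
    counts = blocks_by_source(lines, interface)
    return bool(counts) and set(counts) == {downstream_wan}
```

If the result is True while plain LAN2 clients pass, the ruleset itself is the first thing to re-check, which matches the reboot outcome reported below.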
      Ahira:

        For whatever funky reason, a reboot fixed this issue. Looks like the allow any/any rules were not being loaded correctly.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.