NAT is not translating the inside IP address of my interface



  • I'm having an issue where I can't NAT through a pfSense firewall, but if I plug my Sophos firewall back in it works perfectly fine.

    The pfSense is passing the public IP address to my Apache web server. Therefore the Apache web server is not replying to the packets. They go into the interface of my Linux box but never come back out. So my question is: how do I make pfSense actually NAT the packets so that they show as originating from the inside interface of my pfSense firewall?

    Not working on pfSense:
    tcpdump -i eth0 port 80

    16:59:18.736383 IP wsip-184-188-xxx-x.ph.ph.cox.net.3735 > 192.168.10.252.http: Flags [S], seq 4034308795, win 65535, options [mss 1460,sackOK,TS val 3305876528 ecr 0,nop,wscale 8], length 0

    Working on my Sophos (192.168.10.254 is my firewall inside interface):
    tcpdump -i eth0 port 80

    16:41:30.907165 IP 192.168.10.252.http > 192.168.10.254.5761: Flags [S.], seq 1596308802, ack 2978886407, win 28960, options [mss 1460,sackOK,TS val 1180624404 ecr 487250977,nop,wscale 7], length 0
    16:41:30.936149 IP 192.168.10.254.5761 > 192.168.10.252.http: Flags [.], ack 1, win 217, options [nop,nop,TS val 487250985 ecr 1180624404], length 0


  • LAYER 8 Netgate

    Port Forwards translate the destination address, etc.

    Outbound NAT translates the source address, etc.

    Make an outbound NAT rule for source any destination 192.168.10.254 port 80 with a NAT address of the pfSense interface address (192.168.10.252) on the 192.168.10.0/24 interface.
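As an added illustration (not part of the original thread, and not the ruleset pfSense itself generates), here is the fix expressed as the pf rules behind that GUI setting. Interface names em0 (WAN) and em1 (LAN) are assumptions; the web server address 192.168.10.252 is the one in the captures above, and since the pfSense LAN address is not stated in the thread the rule uses the interface-address macro rather than a literal. The rdr line alone reproduces the broken state: it rewrites only the destination, so the web server sees the public client address and sends its replies toward its own default gateway instead of back through pfSense. The nat line is what the answer asks for.

```pf
# Added example, not pfSense's generated ruleset. Assumed: WAN is em0,
# LAN is em1 on 192.168.10.0/24. Web server address taken from the captures.
ext_if  = "em0"
int_if  = "em1"
web_srv = "192.168.10.252"

# Port forward (destination NAT): inbound HTTP on the WAN address is
# redirected to the web server. On its own this leaves the client's public
# source address intact, which is the "Not working" capture above.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_srv port 80

# Outbound NAT on the LAN interface (source NAT): forwarded HTTP leaving
# toward the web server gets the LAN interface address as its source, so the
# server answers pfSense directly and pf reverses both translations on the
# way back. Remove this line and you are back to the broken state.
nat on $int_if proto tcp from any to $web_srv port 80 -> ($int_if)

# Filtering happens after rdr, so the pass rule matches the translated
# destination (the server), not the WAN address.
pass in on $ext_if proto tcp from any to $web_srv port 80
```

In the pfSense GUI this is Firewall > NAT > Outbound: switch the mode to Hybrid (so your manual rule coexists with the automatic ones), then add a rule on the LAN interface with source any, destination 192.168.10.252 port 80 and translation address "Interface Address". Keep the destination narrowed to the one server and port rather than NATing all LAN-bound traffic. One caveat worth weighing before you do this: the web server will now see every client as the firewall's LAN address, so Apache access logs and anything that keys on client IP (rate limiting, fail2ban, geo rules) lose the real source. If you can instead point the server's default gateway at pfSense, the port forward alone works and the client addresses stay in your logs.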

