Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsence no NAT subnet alocated by ISP

    Scheduled Pinned Locked Moved NAT
    5 Posts 3 Posters 466 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      r3mus
      last edited by

      Hello to all.

      At the moment i have an TP Link AC1900 with NAT disabled as i get a subnet class ( 8 Internet IP's ) from my ISP so i got on the router ( WAN ) the main IP and submask + Gateway and DNS servers then on ( DHCP ) side i got the subnet IP alocation with a diffrent IP/subnetmask/gateway and same DNS servers.

      What im trying to do is to replace de router with the pfsense and do the same thing plus keep the firewall as i have a good spec PC that i can push to 1 GB conection speed however on tp link i only get 400 mbps due to nat boost been off and no longer having the router to do the NAT.

      So i have installed pfsense and set it up, however i turned off Firewall > NAT on the Outbound tab , set the wan side with all the details provided by ISP and on the lan side i set the dhcp with the details provided by ISP.

      At the moment i can ping wan side an internet address but i can not ping from the lan side.

      Schematic.

      pfsense address wan side ( IP 5.2.x.x - mask 255.255.255.0 - gateway 5.2.x.1 - dns 1 dns 2)
      pfsense address lan side ( IP 81.x.x.57 -mask 255.255.255.248 - gateway 81.x.x.57 -dns 1 dns2 )
      pfsense DHCP ( IP's 81.x.x.57 to 81.x.x.62 mask 255.255.255.248 - gateway 81.x.x.57 dns 1 dns 2)

      So the lan side i connected to a swich and then connect the devices directly to the internet IP's

      But i can not access the internet from lan side , only from wan side. I will be gracefuly to whoever can help me out on finding the correct steps in making this work.

      Best Regards.

      pttP 1 Reply Last reply Reply Quote 0
      • pttP
        ptt Rebel Alliance @r3mus
        last edited by

        @r3mus said in pfsence no NAT subnet alocated by ISP:

        pfsense address lan side ( IP 81.x.x.57 -mask 255.255.255.248 - gateway 81.x.x.57 -dns 1 dns2 )

        Best Regards.

        https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html

        https://docs.netgate.com/pfsense/en/latest/nat/outbound-nat.html

        https://docs.netgate.com/pfsense/en/latest/interfaces/using-public-ip-addresses-on-an-interface.html

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by stephenw10

          When you connect a client on the LAN side do they get an IP in the correct subnet via DHCP?

          What firewall rules do you have on LAN? The default rule should allow out that traffic if you have not changed it.

          Check the pfSense routing table in Diag Routes, do you have default route shown? If not make sure the WAN gateway is set as default in General > Routing.

          Steve

          1 Reply Last reply Reply Quote 0
          • R
            r3mus
            last edited by

            Thanks all for the answers. I have actualy gone through pfsense book and found what i need it .

            • https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html?highlight=routing%20public%20ip

            It saved my life and work like a charm . Question , does pfsense has a antivirus package or mail antivirus ?

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              The only package currently available is ClamAV which is part if the Squid package. It can scan cached http(s) traffic.

              Steve

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.