Till now I have only used pfSense with WAN and LAN behind my AVM Fritzbox router. Now I would like to have 2 different network segments with different firewall rules (children...). So I have configured the OPT interface as LAN2 (second LAN network segment) with its own network IP address. This worked perfectly between LAN and OPT but I could not access any address outside the pfSense from the new OPT network.
Apparently I have to add NAT rules. I have "autoconfigured" the outbound NAT from pfSense. After that it worked! But I have some questions for my understanding.
This configuration means that I have "double" NAT on my router and in the pfSense.
- Did I also have outbound NAT before (WAN and LAN only) but didn't know about this?
- Is it mandatory to have NAT and firewall with WAN, LAN and OPT? Could pfSense just work as firewall and router? (My WAN uses the private IP addresses as well behind the router.)
Thanks for your quick reply. I am aware of this chapter in the book.
The question is why it was done apparently "automatically" for WAN/LAN before and why I had to click a button to generate the outbound NAT rules for WAN/LAN/OPT. Just to explain, is this new configuration maybe too slow and too complicated compared to the configuration before?
Did you run Manual Outbound NAT before you added the new OPT interface?
In manual mode you need to care about the outbound NAT yourself. However, switching to automatic and back to manual will also create the rules for all interfaces.
Personally I like to have Hybrid Outbound NAT.