Do I need to turn off NAT on my Mikrotik router while pfSense hands out leases?
Hello guys, I would like your suggestions. I have a Mikrotik router and a pfSense router. My plan is to set up the Mikrotik as the load balancer and the pfSense SG-2440 as the router handing out leases to clients. So my question is: do I need to turn off NAT on the Mikrotik?
What sort of NAT? Outbound?
What sort of load-balancing is it doing? The NAT may be required there for it to work.
It's generally better to have public IPs on the pfSense WAN(s) but I have no idea if Mikrotik can pass those and still load-balance.
That's assuming the Mikrotik will be on the pfSense WAN side.
NollipfSense last edited by
@OpenWifi I also used a pfSense/Mikrotik combination in my network; however, I let the pfSense be in charge of WAN and the Mikrotik in charge of LAN ... so, the Mikrotik issues client leases as well as DNS cache with pfBlockerNG on pfSense as the ultimate DNS resolver. It's double natted, but I have never experienced any problem ... so, I let it be.
If I were you, I would let pfSense do the load balancing as well as IDS/IPS. I really like both pfSense and Mikrotik, even though my network training started with Mikrotik.
@NollipfSense Hello, thank you for the suggestion, but you see, the reason I would like to use Mikrotik as the load balancer and pfSense as the lease handler is that pfSense has so many great features that Mikrotik doesn't. For example, ntopng lets me see what traffic is going through my network. OpenVPN lets me log in remotely to the pfSense router, a capability I fear I would lose if I used Mikrotik as the lease handler. Another great feature is that I am able to prevent any unauthorized DHCP clients using static IPs, and this happens automatically. I don't have to go to each and every one of my clients to set the static lease, the way Mikrotik does.
Gertjan last edited by
> I don't have to go to each and every one of my clients to set the static lease
To set up a static DHCP lease you need the MAC of the client device.
Just look at the DHCP server log, locate the MAC, and create a DHCP Static lease entry.
Next time the lease is renewed, the assigned IP will get used.
No need to "go to the device".
More detail required. What and how are you load balancing?
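The log lookup described in the reply above, as an added example that is not part of the thread: it collects the MAC and last acknowledged IP per client from DHCP server log lines so they can be entered as static leases. It assumes ISC dhcpd-style `DHCPACK` lines; the sample log, hostnames and interface name are constructed.

```python
import re

# Constructed sample lines in ISC dhcpd syslog style (assumed log format).
SAMPLE_LOG = """\
Jan 10 09:00:01 fw dhcpd[411]: DHCPDISCOVER from aa:bb:cc:00:00:01 via igb1
Jan 10 09:00:02 fw dhcpd[411]: DHCPACK on 192.168.1.101 to aa:bb:cc:00:00:01 (laptop-1) via igb1
Jan 10 09:05:10 fw dhcpd[411]: DHCPACK on 192.168.1.102 to AA:BB:CC:00:00:02 via igb1
Jan 10 10:00:02 fw dhcpd[411]: DHCPACK on 192.168.1.150 to aa:bb:cc:00:00:01 (laptop-1) via igb1
Jan 10 10:01:00 fw dhcpd[411]: DHCPNAK on 192.168.1.9 to aa:bb:cc:00:00:03 via igb1
"""

# Only DHCPACK confirms that the server actually handed out the address.
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
    r"(?: \((?P<host>[^)]*)\))?"
)


def static_lease_candidates(log_text):
    """Map each MAC to its last acked IP, hostname (if logged) and all IPs seen."""
    leases = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # DISCOVER / REQUEST / NAK lines do not confirm a lease
        mac = m.group("mac").lower()  # normalise case so one client is one key
        entry = leases.setdefault(mac, {"ip": None, "host": None, "seen_ips": []})
        entry["ip"] = m.group("ip")  # later lines overwrite earlier ones
        entry["host"] = m.group("host") or entry["host"]
        if m.group("ip") not in entry["seen_ips"]:
            entry["seen_ips"].append(m.group("ip"))
    return leases


if __name__ == "__main__":
    for mac, e in sorted(static_lease_candidates(SAMPLE_LOG).items()):
        moved = " (address changed over time)" if len(e["seen_ips"]) > 1 else ""
        print(f"{mac}  {e['ip']}  {e['host'] or '-'}{moved}")
```

A client listed with more than one address is one whose dynamic lease moved, which is the case a static entry pins down.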
NollipfSense last edited by
> pfSense has so many great features that Mikrotik doesn't
That's why I prefer pfSense at the edge.
> ntopng lets me see what traffic is going through my network
For this you would need to disable NAT on the Mikrotik else all traffic would be coming from 192.168.1.100
> I don't have to go to each and every one of my clients to set the static lease, the way Mikrotik does.
In Mikrotik, go to IP > DHCP Server > Lease ... if you click on the lease you'll see an interface tab like below ... notice one arrow points to "D" dynamic lease that you can "make static."