Netgate Discussion Forum

    SNAT Prerouting

    3 Posts 2 Posters 398 Views
    • barts

      Hi guys!

      I've been trying to make a simple SNAT configuration that I see works fine in FortiGate/FTD/Checkpoint/Untangle/MikroTik, but I cannot make it work in pfSense.

      That's my scenario:

      758862e7-e7c9-4622-88a3-0733745523d3-image.png

      How can I make a SNAT with an IP address that doesn't exist in pfSense?

      I've tried creating a Virtual IP address 10.10.10.10/32 on the inside interface and making Outbound NAT on the same inside interface using this virtual IP, but the packet goes out through the public-outside interface. It should make the SNAT and encapsulate it into the IPsec tunnel.

      b8baa245-fb07-49a0-b619-10719ed57946-image.png

      Does anyone know how to configure it?

      Thank you so much!

      • viragomann @barts

        @barts
        You have to do this inside IPsec using PNAT: NAT with IPsec Phase 2 Networks

        You can directly enter the server IP and an unused translation IP like 10.10.10.10 which is routed back to you.
        There is no need to assign that IP to a pfSense interface.

        • barts @viragomann

          It works by doing the NAT configuration on the IPsec Phase 2 and a static route to the remote subnet pointing to the inside interface.

          NAT with IPsec Phase 2 Networks
          Routing and gateway considerations

          Thank you so much, @viragomann.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.