Netgate Discussion Forum

    NAT with public routed pool

    3 Posts 2 Posters 588 Views
    mp45

      Hello,

      I am new to the forum but not new to pfSense. So far I was able to realize several setups with multiple WAN and LAN segments fine. The task on hand is somehow much more complicated.

      Background: for a large wifi installation several private LAN segments shall be NATed individually to public IPs that are provided by our ISP. Therefore a /28 public IP block is routed to one of our WAN addresses by our ISP (we have a different /26 block there). We want to use other IPs for the solution for internal reasons. We have done such a setup once but used Juniper SRX routers, which is not possible in this case for monetary reasons. We have a dedicated box for the given solution.

      Given IPs (shown as private for privacy reasons)
      pfsense WAN: 10.1.61.203/26
      WAN ISP GW: 10.1.61.254/26
      routed IP block: 192.168.2.48/28
      simple static routing configured in ISP router
      client segments: 172.20.[0|8|16|24].0/21 in separate VLANS directly attached

      We planned for four individual NAT pools with 4 public IPs each, which is used by a larger private segment behind.

      The hint or direction to a maybe existing writeup of something is somehow concentrating on how to get pfSense to route the IP block (firewalling/filtering shall be made during NAT) to our ISP and make it usable for the NAT pools?

      We already tested NAT pools with some other of our main public addresses but did not really see the round robin working as we did have only a few clients available this time. Testing it with something like Cisco's TRex system might be overkill and very time-consuming (would be a first for us).

      Thanks in advance for any hint!
      MP.

      viragomann @mp45

        @mp45
        You have to add each IP of your /28 block as a virtual IP of type IP Alias to your WAN. Then the IPs can be used in the outbound NAT settings.

        For instance to NAT 172.20.0.0/21 to the 192.168.2.48/30 pool, simply add an outbound NAT rule where the source is 172.20.0.0/21 and the translation address is other subnet > 192.168.2.48/30 and select the proper pool option.

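As an added illustration (not from either poster, and not pfSense's generated ruleset), here is what the answer's GUI procedure corresponds to in pf rule syntax: four outbound NAT rules, one per client segment, each translating to a /30 carved from the routed /28 with the round-robin pool option. The WAN interface name `em0` and the split of 192.168.2.48/28 into four consecutive /30s are assumptions.

```pf
# Added example, not from the thread. Assumes WAN is em0 and that the
# /28 is split into four consecutive /30 pools (an assumption).
ext_if = "em0"

# Private client segments from the thread (separate VLANs behind the box)
seg_a = "172.20.0.0/21"
seg_b = "172.20.8.0/21"
seg_c = "172.20.16.0/21"
seg_d = "172.20.24.0/21"

# Public /30 pools out of the routed 192.168.2.48/28 block.
# In the pfSense GUI each of these 16 addresses is first added as an
# IP Alias VIP on WAN, then used as "Other subnet" in outbound NAT.
pool_a = "192.168.2.48/30"
pool_b = "192.168.2.52/30"
pool_c = "192.168.2.56/30"
pool_d = "192.168.2.60/30"

# Outbound NAT: each segment maps to its own pool. round-robin cycles
# through the pool addresses; sticky-address keeps one client on the
# same public IP for as long as it has states, which many web services
# expect. First matching nat rule wins, so keep segments disjoint.
nat on $ext_if inet from $seg_a to any -> $pool_a round-robin sticky-address
nat on $ext_if inet from $seg_b to any -> $pool_b round-robin sticky-address
nat on $ext_if inet from $seg_c to any -> $pool_c round-robin sticky-address
nat on $ext_if inet from $seg_d to any -> $pool_d round-robin sticky-address
```

To check what is actually loaded on the box, `pfctl -sn` lists the active nat rules and `pfctl -ss` shows the states, where the translated source address reveals which pool member a client landed on.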
        mp45 @viragomann

          @viragomann
          I am stunned... THAT was an easy trick. Damn. Thought much more complicated stuff was involved...
          Thank you very much!
          Now I have to figure out why NAT-Pool with HASH is not working properly; the GUI does not accept the setting with a pool of four of the named addresses. Strange.
          Again, thank you!
          MP.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.