Do I need to adjust NAT
-
So basically I have two interfaces on my pfsense, one acting as the WAN (just connected to my home network) and I have LAN interface (point to point connection with a cisco router)
On the cisco router I have PAT configured so all addresses matching the network 172.16.36. 0 is translated on the interface going to the pfsense (192.168.254.0/30)
What I want to accomplish essentially is to be able to monitor endpoints in the firewall log. Right now all the logs in Status>system log>firewall just show the traffic coming from 192.168.254.2
Im a networking noob, so this might be a simple solution but how do I accomplish this? Do I have to also NAT the traffic coming from 192.168.254.0/30 subnet on the pfsense? From what I understand double NATing is a bad thing.
-
@npineiro said in Do I need to adjust NAT:
On the cisco router I have PAT configured so all addresses matching the network 172.16.36. 0 is translated on the interface going to the pfsense (192.168.254.0/30)
Why?
172.16.36. 0 is behind the Cisco?
192.168.254.0/30 the pfSense LAN?Can you provide a network map to get things clear?
-
-
@npineiro
So you need a static route for 172.16.36. 0/24 on pfSense pointing to the Cisco router.First you have to add the Ciscos IP 192.168.254.2 as a gateway on LAN in System > Routing > Gateways.
Then go to the Static Routes tab and add a route for 172.16.36.0/24 and select the Cisco at gateway.Also you need an outbound NAT rule on pfSense for 172.16.36.0/24:
Firewall > NAT > Outbound
Switch into the hybrid mode and save this.
Then add a new rule:
interface: WAN
source: network 172.16.36.0/24
destination: any
translation: interface addressThen you can remove the PAT rule on the Cisco, so that pfSense can see the origin source IP.
-
Thank you! This helped me
