NAT Conflicting Subnets
-
I've been trying to create a NAT rule for a conflicting subnet but can't get it to work.
My problem is that we have a shared office where we need access to a printer controlled by the other party. The other party uses a subnet that is already in use by our company; we can call it 192.168.0.0/24.
We share the "network room", so I can physically connect their network to my pfSense router on a specific VLAN interface (100).
So far I've tried the setup below:
- Set up VLAN 100 with a DHCP address
- Create a 1:1 rule on the VLAN 100 interface with
  - external net 10.20.100.0
  - internal network 192.168.0.0/24
  - Destination any
- Add a static route for 10.20.100.0/24 to the VLAN 100 interface
- Open the required ports on the VLAN 100 interface firewall
-
@voxel
Not clear how you think this could even work. Without an additional device, all the NAT stuff has to be done on the other router. They must assign an additional subnet to the interface facing to you and NAT an IP to the printer.
On your pfSense you need also to assign this subnet to an interface and state the other IP as gateway (this enables masquerading). If that's not possible to do you would need an additional NAT-route in between yours and theirs.
-
For something like this I’ve used twice NAT.
The concept is you NAT the source and NAT the destination IPs.
You will need to create port forwards along with an outbound NAT. The outbound NAT should be in a range that's not conflicting.
Twice NAT is complicated but works in cases where you get an overlap.
The better solution would be to re-IP the printer if possible.
-
@michmoor
Yeah, you are correct. I should look at outbound NAT instead. In the end I made a static /32 route for the printer to the interface connected to the "guest" network.
-
Yeah, you can do this if you have a tunnel or transport subnet between the two locations and can NAT the traffic at both ends.
It sounds like you are trying to have the 192.168.0.0/24 subnet on two interfaces on the same pfSense router here though. That cannot work.
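The twice-NAT idea mentioned in the thread (NAT the destination through a non-conflicting alias range and NAT the source into another non-conflicting range), modelled at the address level as an added example that is not from any poster and is not pfSense configuration. 192.168.0.0/24 and 10.20.100.0/24 come from the thread; the 10.20.200.0/24 source range, the host addresses and all function names are assumptions.

```python
import ipaddress

# Constructed addressing. OVERLAP and THEIR_ALIAS are the ranges named in the
# thread; OUR_ALIAS is an assumed non-conflicting range for the source side.
OVERLAP = ipaddress.ip_network("192.168.0.0/24")      # used by both parties
THEIR_ALIAS = ipaddress.ip_network("10.20.100.0/24")  # how we address their hosts
OUR_ALIAS = ipaddress.ip_network("10.20.200.0/24")    # how they see our hosts

def map_prefix(addr, src_net, dst_net):
    """1:1 mapping: keep the host bits, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)

def lan_to_shared(src, dst):
    """Our LAN -> their network: translate the source AND the destination."""
    return (map_prefix(src, OVERLAP, OUR_ALIAS),
            map_prefix(dst, THEIR_ALIAS, OVERLAP))

def shared_to_lan(src, dst):
    """Reply path: reverse both mappings."""
    return (map_prefix(src, OVERLAP, THEIR_ALIAS),
            map_prefix(dst, OUR_ALIAS, OVERLAP))

def ambiguous(src, dst):
    """True when both endpoints fall in the overlapping subnet, so the packet
    looks on-link and cannot be routed to the other party."""
    return (ipaddress.ip_address(src) in OVERLAP
            and ipaddress.ip_address(dst) in OVERLAP)

if __name__ == "__main__":
    pc, printer_alias = "192.168.0.50", "10.20.100.25"  # constructed hosts
    print("untranslated ambiguous:", ambiguous(pc, "192.168.0.25"))
    out = lan_to_shared(pc, printer_alias)
    print("on their segment:", out, "ambiguous:", ambiguous(*out))
    back = shared_to_lan(out[1], out[0])
    print("reply on our LAN:", back, "ambiguous:", ambiguous(*back))
```

On neither segment does a translated packet carry both addresses from 192.168.0.0/24, which is what lets each side route it.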