Netgate Discussion Forum

    Advised for this nat problem.

    • periko

      Hello.
      I have a new service from my ISP; it is an MPLS. Let me show you the image, maybe it is clearer.
      MPLS.png

      I have communication with my ISP remote server, but it looks like my NAT is causing that when my packets reach the destination they arrive with my PF WAN MPLS IP 172.23.X.Y, and they need to be my Client1 IP.

      What do I need to change to make this possible?

      Thanks all for your time, happy holidays!!!

      Necesitan Soporte de Pfsense en México?/Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Want to learn pfSense? Visit my YouTube channel:
      https://www.youtube.com/c/PedroMorenoBOS

      • NogBadTheBad @periko

        @periko The issue is that your ISP is using RFC 1918 address space.

        There is an option under the WAN interface to enable/disable "Block private networks and loopback addresses".

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • johnpoz LAYER 8 Global Moderator @periko

          @periko you would need to disable outbound nat if you want your isp to see your client IP.. Out of the box pfsense does outbound nat to whatever its wan IP is.

          @NogBadTheBad those rules on wan would only stop inbound traffic into wan address that you wanted to forward to something behind the nat.. That is unsolicited inbound traffic, has nothing to do with a client behind pfsense starting a conversation with some rfc1918 address upstream of pfsense.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • periko @johnpoz

            @johnpoz hello.

            In my case I have 3 networks. You mean, change my NAT to manual and remove the network involved from NAT?

            Thanks for your help.

              • johnpoz LAYER 8 Global Moderator @periko

              @periko Or just a hybrid rule that when talking to that destination IP do not nat, etc.

              hybrid.jpg

              Using whatever your client and destination IP is.. Since I would assume you maybe want to nat that client when talking to other stuff?

                • periko @johnpoz

                @johnpoz I see this option in the top of my NAT:

                4aae1f73-12f5-4a60-a4a6-855c30d85cfc-image.png

                4181e903-e3da-47f7-9a48-56e3a3b78cd7-image.png

                Is this the option that I need?

                Thanks.

                  • johnpoz LAYER 8 Global Moderator @periko

                  @periko yeah if you don't want that whole network to not nat, then yeah that would work.. I would pick IPv4 only on such a rule. And you would need to make sure it is in the correct location in your hybrid rules - they evaluate in order.

                  So you created a hybrid nat, or you're doing manual nat.. I never understand why anyone would do manual.. If you need to do something other than the normal automatic nat, then just create a hybrid rule for the stuff you want to do different, etc.

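The rule ordering discussed in the thread, modelled as an added example (not from any poster and not pfSense code): a first-match walk over outbound NAT rules in hybrid mode, with manual rules ahead of the automatic one. All names and addresses (`OutboundRule`, `source_seen_upstream`, 192.168.10.50, 10.200.0.10, 172.23.0.2) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WAN_MPLS_IP = "172.23.0.2"   # constructed stand-in for the thread's 172.23.X.Y
CLIENT1 = "192.168.10.50"    # constructed client address
ISP_SERVER = "10.200.0.10"   # constructed remote server address

@dataclass
class OutboundRule:
    source: str            # source network, CIDR
    destination: str       # destination network, CIDR
    no_nat: bool = False   # models the "Do not NAT" checkbox
    label: str = ""

def source_seen_upstream(src, dst, rules):
    """Walk the rules in order; the first match decides the source address."""
    for rule in rules:
        if (ip_address(src) in ip_network(rule.source)
                and ip_address(dst) in ip_network(rule.destination)):
            return (src if rule.no_nat else WAN_MPLS_IP), rule.label
    return src, "no matching rule"   # nothing matched, so nothing is translated

AUTOMATIC = [OutboundRule("192.168.10.0/24", "0.0.0.0/0", label="automatic")]
NO_NAT = OutboundRule(CLIENT1 + "/32", ISP_SERVER + "/32", no_nat=True,
                      label="no-NAT to ISP server")
BROAD_NAT = OutboundRule("192.168.10.0/24", "0.0.0.0/0",
                         label="manual NAT, any destination")

# Hybrid mode: manual rules are evaluated ahead of the automatic ones.
hybrid_ok = [NO_NAT] + AUTOMATIC
# Same exception, but placed below a broader manual rule that matches first.
hybrid_misordered = [BROAD_NAT, NO_NAT] + AUTOMATIC

if __name__ == "__main__":
    for name, rules in (("ordered", hybrid_ok), ("misordered", hybrid_misordered)):
        for dst in (ISP_SERVER, "198.51.100.7"):
            print(name, dst, source_seen_upstream(CLIENT1, dst, rules))
```

With the exception first, the ISP server sees the client address while other destinations still see the WAN address; with the exception below a broader rule, the ISP server sees the WAN address again.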
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.