NAT to get to subnet when router doesn't have a route.
-
Is there a way to NAT to a network when a router doesn't have a route in it? A fiber company has a metro switch with a route to another building, so I'm able to route traffic to the other location fine. I have to set my default gateway to the metro IP address so all traffic hits it first, then bounces back to the building A pfSense appliance if the metro doesn't have a route to a network I'm trying to reach. So, for example, 192.168.0.0/24, building A, can communicate with 192.168.1.0/24, building B. I have a pfSense appliance at building B too, and I set up another interface and network, let's say 192.168.22.0/24. From the 192.168.1.0/24 network, I can ping devices on the 192.168.22.0 network, but from building A, I just get TTL expiry because the metro doesn't have a route to that network and it sends the traffic back to building A's pfSense appliance, which does have a route to the network I'm trying to get to, so it sends the traffic back to the metro. Voilà, TTL expiry.
I was wondering if there was a way to NAT around this so traffic destined for the 192.168.22.0/24 network gets translated to an available 192.168.0.0/24 address which will route fine.
Thanks all.
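Added example, not from the thread: a small Python simulation of longest-prefix-match forwarding with TTL decrement, so the bounce between the metro and building A's pfSense described above can be seen hop by hop rather than just as a "TTL expired" reply. The topology is constructed from the post: only the two metro addresses (192.168.0.252 and 192.168.1.252) come from the thread, while the node names, which prefixes count as directly attached to each node, the ISP node, and the fix applied in fixed_tables() (a 192.168.22.0/24 route on the metro pointing at building B's pfSense) are assumptions made for the simulation.

```python
import copy
import ipaddress

# Constructed topology approximating the thread. Only the two metro addresses
# (192.168.0.252 in building A, 192.168.1.252 in building B) come from the
# post; the node names, the pfSense LAN-side attachment and the ISP node are
# assumptions made for the simulation. Each table is a list of
# (prefix, next_hop). "local" means the prefix is directly attached, so the
# packet is delivered there; "drop" stands in for the Internet default.
BROKEN_TABLES = {
    "hostA":    [("192.168.0.0/24", "local"), ("0.0.0.0/0", "metro")],
    "metro":    [("192.168.0.0/24", "local"), ("192.168.1.0/24", "local"),
                 ("0.0.0.0/0", "pfsenseA")],            # no entry for .22.0/24
    "pfsenseA": [("192.168.0.0/24", "local"), ("192.168.1.0/24", "metro"),
                 ("192.168.22.0/24", "metro"), ("0.0.0.0/0", "isp")],
    "pfsenseB": [("192.168.1.0/24", "local"), ("192.168.22.0/24", "local"),
                 ("0.0.0.0/0", "metro")],
    "isp":      [("0.0.0.0/0", "drop")],
}


def lookup(table, dst):
    """Longest-prefix match over one routing table; returns the next hop."""
    best_net, best_nh = None, "drop"
    for prefix, nh in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_nh = net, nh
    return best_nh


def forward(tables, src_node, dst_ip, ttl=64):
    """Walk a packet hop by hop. Returns (outcome, path) where outcome is
    'delivered', 'ttl-expired' (the hop that would send ICMP Time Exceeded
    is the last element of path) or 'dropped'."""
    dst = ipaddress.ip_address(dst_ip)
    node, path = src_node, [src_node]
    while True:
        nh = lookup(tables[node], dst)
        if nh == "local":
            return "delivered", path
        if nh == "drop":
            return "dropped", path
        if node != src_node:            # routers decrement TTL when forwarding
            ttl -= 1
            if ttl == 0:
                return "ttl-expired", path
        node = nh
        path.append(node)


def fixed_tables():
    """Same topology, but the hop that lacked the route (the metro) now knows
    192.168.22.0/24 lives behind pfsenseB. (Assumed fix for the simulation.)"""
    tables = copy.deepcopy(BROKEN_TABLES)
    tables["metro"].insert(0, ("192.168.22.0/24", "pfsenseB"))
    return tables


def bounce_count(path):
    """How many times the packet ping-ponged between metro and pfsenseA."""
    return sum(1 for a, b in zip(path, path[1:])
               if {a, b} == {"metro", "pfsenseA"})


if __name__ == "__main__":
    for name, tables in (("broken", BROKEN_TABLES), ("fixed", fixed_tables())):
        for dst in ("192.168.1.10", "192.168.22.10"):
            outcome, path = forward(tables, "hostA", dst)
            print(f"{name:6} {dst:14} {outcome:12} "
                  f"{len(path)} hops, {bounce_count(path)} bounces")
```

With the broken tables a packet from building A to 192.168.22.10 alternates metro, pfsenseA, metro, pfsenseA until the 64th router hop drives the TTL to zero, while 192.168.1.10 is delivered by the metro directly; once the metro carries a route for the prefix, the same packet is delivered in two hops. The point the simulation makes is that the loop is decided by the one hop whose table lacks the prefix, whatever is configured on the hops around it.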
-
@Dale_3rd So you're not currently NATting at pfSense to what your metro-E address is?
What is this transit you're using? What are the IPs you put on the pfSense WAN interfaces at both locations?
-
@johnpoz Thanks for the reply. The metro interface address at building A is 192.168.0.252. Building A's WAN address is the ISP address; building B's WAN is 192.168.1.252, the gateway IP assigned to the metro at that location.
I know the setup isn't correct. I should have the firewall address as the gateway, with routes to the other networks set up such that all traffic not seeking another network just goes out the WAN address, and when traffic is seeking an internal network, it gets properly routed. However, when I do that, it doesn't work. I think it's because I have yet another pfSense firewall at another location with its own ISP/WAN. Dual WANs from a single exit point are easy, but I haven't figured out how to make it work reliably, if one ISP goes down, to send traffic out of another network's WAN. For now, it "works"; I'm trying to see if I can solve this one issue and clean up the rest down the road.
Thanks.