NAT off firewall ON?
-
Is it possible to turn NAT off and still have a functional firewall?
I have a PFS machine that works as a router only, connecting 5 networks, but I would like to block two of them so that users do not see the remaining 3 networks.
Thanks
-
Yes, there have been a few threads about that. Search the forum for this.
-
I tried before posting, but no luck :(
-
Try this:
http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F
-
Hm, tried to play with this, no results :(
Is there something to watch? This is how I have turned off NAT:
http://img193.imageshack.us/i/nat1j.jpg/
but that is also how the firewall is turned off,
and with this I could not make it run:
http://img109.imageshack.us/i/nat2.jpg/
Advice, please.
Thanks
-
First picture: With this you disable the whole NAT and the firewall.
You don't want this.
Second picture: You deleted the rule, but didn't switch to manual rule generation.
Activate manual rule generation and it will work.
-
Did that before, this is the rule that I apply to…
http://img121.imageshack.us/img121/5503/natoff.jpg
http://img199.imageshack.us/img199/5697/natoff1.jpg
This didn't work :( (turned back to the first option)
-
Don't set "no NAT".
Delete the rule.
-
Nope,
it seems that NAT is off, but port forward does not work (from the other, first PFS machine through this one).
With the rule I set up, same thing.
Oh yes, and from the first PFS machine I can't ping any interface on the second PFS machine; when I turn the option to turn off NAT and firewall back on, everything is fine.
But I need the firewall on this second machine, so this is not a solution.
I think I will have to sacrifice one interface and leave WAN empty and use OPT instead?
-
If you disable NAT, then you can no longer use portforwards. A simple firewall rule is all that is needed.
That's the whole idea behind disabling NAT
–> You don't need to use portforwards, because everything is routed.
-
No, things work like this: the first PFS machine is connected to the ISP router, and it is firewall/proxy/VPN etc…
(only 2 NICs)
The second one (6 NICs) is connected to the first one, and the second one connects multiple networks into one, BUT I don't want users to see each other, so I need a firewall that works.
And port forward, I need it to forward ports from the internet to internal RADIUS etc... which is connected to one of the 6 interfaces on the second PFS.
I didn't try to use an OPT interface on the second PFS as the WAN interface, but I think it would work?