Any way to preserve source address instead of NAT'ing?



  • Hello,

    I am using pfsense between two LAN segments.  One side is connected to the WAN, the "outside" network that I don't manage, and the LAN interface is connected to the network I manage.

    I need the source addresses that are on the LAN segment to show up on the WAN side when people make connections. I don't want one of the firewall's IPs to show up when someone SSH'es through to another host on the WAN side.

    I thought I had this working, but it doesn't seem to be anymore.  I am using CARP, and not bridging.  I do not want to bridge if I can help it.

    Is there a way to do this?  Perhaps not using the WAN interface, and just using LAN and an OPT interface? Am I missing something obvious?



  • Not 100% sure of this, but try the following: in NAT, go to outbound, and switch to AON (manual NAT).  It will create a default rule.  Then, manually create a new rule where the destination is the subnet for the WAN.  Click the checkbox at the top that says "no NAT".  Then, make sure you move that rule to be before the default one.  Give that a try?



  • Thanks - I'll give that a try… sounds like it work work perfectly.


Log in to reply