1 Interface needs to be NAT'd, one does not



  • Hello all,

    A 1st time user here.  We are testing PF in a test lab with some limitations on what we can do, unfortunately, in terms of routing.  We have a /22 allocated to us and in the test lab we cannot route out with it. See attachment, but our LAN interface needs to be NAT'd behind our WAN, which from the testing we are doing appears to be the case.  I am assuming all we need to do is to create a manual rule and make it for that subnet.  Let me know if this is not the correct way to apply NAT to a specific interface.

    For our VLAN74, as you can see, we do have this rule created, so I am assuming that means we are not NAT'ing this VLAN.  I have rules set up for VLAN 74 that state everything incoming/outgoing is allowed in the firewall.  (see attachment)

    Once on VLAN74 I can ping the WAN, but can't ping anything past it, which makes sense since we don't have routing set up past the WAN interface in our test lab.  Does this all sound correct?

    Does what we have set up NAT the LAN interface behind the WAN and make VLAN74 a public interface/DHCP pool?

    I appreciate the help.

    ![Firewall NAT Outbound.png](/public/imported_attachments/1/Firewall NAT Outbound.png)
    ![Rules for VLAN74.png](/public/imported_attachments/1/Rules for VLAN74.png)

