Best place for NAT



  • Im pretty good at networking, but this question has really caused some problems.
    Ive spent a week reading about this, but cant come up with a definitive solution.

    The question is simple, where is the best place to NAT, PFsense or the modem.

    ISP–->Modem->[NAT-->PFSense in bridged mode-->Rest of network.

    or

    ISP--->Modem> [xxx.xxx.xxx.xxx/29--->PFSense---->[NAT--> rest of network.

    I have multiple IPs so can use the first and use the public IPs on the boxes inside the network and use PFsense in transparent mode, or use the second and have PFSense takecare of all the IPs and just forward them to internal IPs.

    Hope that makes sense... your thoughts please.


  • Rebel Alliance Developer Netgate

    It's best to do NAT on pfSense, and not your modem.

    pfSense is ideally at the "edge" of your internal network, with the WAN side of pfSense having a public IP and when used that way has the greatest flexibility.


Locked