Newbie Question: Should NAT be switched off on the ADSL Router?



  • ???

    My Setup is Internet->Netgear ADSL Router->Pfsense WAN-> LAN, similar to many others out there I'm sure.

    So I've figured out my Netgear ADSL Router doesn't seem to offer transparent bridging. I have also noted from this forum it's a good idea to DMZ to the pfsense WAN IP, ok done.

    My question is, should disable the NAT on the Netgear router? I havn't tried it yet, but what nags in my head is pfsense and the netgear router trying to do the same NAT job. Surely they can't both convert my internal IP's to public IP's.

    Thanks in advance, I'm learning slowly.



  • Hello,

    @properdiamondgeezer:

    My Setup is Internet->Netgear ADSL Router->Pfsense WAN-> LAN, similar to many others out there I'm sure.

    So I've figured out my Netgear ADSL Router doesn't seem to offer transparent bridging. I have also noted from this forum it's a good idea to DMZ to the pfsense WAN IP, ok done.

    My question is, should disable the NAT on the Netgear router? I havn't tried it yet, but what nags in my head is pfsense and the netgear router trying to do the same NAT job. Surely they can't both convert my internal IP's to public IP's.

    good point - since you didn't say what your netgear router is actually natting, its hard to say whether you need it.  ;)
    My guess is: Your router is doing a source-nat of all traffic from lan to wan  (masquerading) . If so, you'll need it. (In theory you don't have to nat if pfsense has a public wan ip or your isp is natting), but i don't think this applies to you  :).



  • Thanks yanosz,

    So am If I am understanding correctly, the NAT on the Netgear router is handling the translation from the public IP to the Netgear router's internal IP. Since my router won't offer transparent bridging, I have no choice, but to leave this on. The NAT on pfsense is handling the translation of the WAN port's IP (in the same range as the Netgear Router) to my internal LAN. Hopefully that's right?



  • Don't disable the NAT on the external device.  You can disable NAT either when you're using public (non RFC1918) IP addresses, or when you can put the device into bridging/transparent mode.

    Right now, were to you to disable NAT you'd cut yourself off from the Internet since all packets leaving your network would have the IP of your pfSense host, which isn't routable from the Internet.



  • Hello,

    @properdiamondgeezer:

    Thanks yanosz,

    So am If I am understanding correctly, the NAT on the Netgear router is handling the translation from the public IP to the Netgear router's internal IP. Since my router won't offer transparent bridging, I have no choice, but to leave this on. The NAT on pfsense is handling the translation of the WAN port's IP (in the same range as the Netgear Router) to my internal LAN. Hopefully that's right?

    kind of  ;) - just to be clear "(in the same range as the Netgear Router)" is (usually) private (non-wan-style) address range.

    Keep smiling
    yanosz


Log in to reply