Netgate Discussion Forum
    Need help with NAT and routing

    Category: NAT
    2 Posts, 1 Poster, 1.7k Views
    walterpc

      I'm having some problems with my pfSense setup, which I think is attributed to NAT, but maybe there is something else wrong.

      PF1 - pfSense, perimeter firewall/NAT (LAN=192.168.100.1) [static routes for 192.168.1.0 and 192.168.2.0 pointing to 192.168.100.5]
      PF2 - pfSense, inside router/firewall (WAN=192.168.100.5, LAN1=192.168.1.1, LAN2=192.168.2.1)
      UT - Untangle transparent filter bridge for spam/web content etc. (192.168.100.3)

      ISP – PF1 --UT -- PF2 -- LAN1/LAN2

      OK, to start out, this setup works OK from the LAN side, but the problem I have is getting traffic into the LAN from the outside or the middle.
      PF1 is the one that I want to handle NAT of our public IPs. This has worked fine for a very long time without PF2 and with a single LAN.

      But now I'd like to have two (or more) VLANs on the LAN side that all go through the web filter on their way out. PF2 should be acting as a router, but with the ability to prevent traffic from routing to and from certain VLANs.

      I have put an allow ANY ANY on the WAN interface, and I can ping any IP in LAN1 from PF1, UT, and a PC in the middle; but I cannot access any of the services running on that LAN.

      I tried following directions in the forums to turn off NAT on PF2 by going to outbound NAT, changing to manual outbound NAT, and then removing the only rule.
      As soon as I do this, I can no longer access anything from the LAN PCs (internet, PF1 LAN, etc.).
      And this didn't help do anything with being able to access the LAN from the middle area. (Pings seem to work OK both ways, though. However, I now cannot ping the PF1 WAN IP from the LAN PCs??)
      I even tried going to Advanced and checking the option to disable filtering and make it a router only, but this had no effect, and neither did enabling RIP.

      If someone has any insight, I would greatly appreciate it.

      walterpc

        Just an update to anyone that might try to do this.
        Problem 1 - the reason I couldn't get out past PF1 was because the default LAN -> Any rule doesn't apply to the other subnets behind PF2. Once I added LAN rules for them, traffic out worked.
        Problem 2 - having Untangle in the middle between the two caused some complications in passing traffic from the WAN side to the LAN side and through to PF2. This was easily remedied by adding static routes to the UT, just as needed on the PF1 router.

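To make the two fixes from the update concrete, here is an added example (not code from the thread or from pfSense/Untangle) that models the thread's topology in plain Python: a first-match rule list on PF1's LAN interface with the implicit default deny that pfSense interface rules have, and a longest-prefix-match routing table for the Untangle box. The addresses are the ones given in the first post; the rule and route entries are assumed reconstructions of what "LAN -> Any", "LAN rules for them" and "static routes to the UT" mean. It shows why a packet from 192.168.1.10 is dropped by the stock LAN rule (its source is not in "LAN net", 192.168.100.0/24) and why, without the static route, the UT sends traffic for 192.168.1.0/24 to its default gateway PF1 instead of PF2.

```python
import ipaddress

IPv4Network = ipaddress.IPv4Network
ip = ipaddress.ip_address

# Constructed model of the thread's topology (addresses from the first post).
PF1_LAN_NET = IPv4Network("192.168.100.0/24")   # "LAN net" as PF1 sees it
INNER_NETS = [IPv4Network("192.168.1.0/24"),    # LAN1 / LAN2 behind PF2
              IPv4Network("192.168.2.0/24")]
PF1_LAN_IP = ip("192.168.100.1")
PF2_WAN_IP = ip("192.168.100.5")

# A rule is (action, source network). First match wins and an unmatched packet
# hits the implicit default deny, which is how pfSense interface rules behave.
DEFAULT_LAN_RULES = [("pass", PF1_LAN_NET)]                     # stock "LAN -> Any"
FIXED_LAN_RULES = DEFAULT_LAN_RULES + [("pass", n) for n in INNER_NETS]  # Problem 1 fix (assumed form)


def rule_verdict(rules, src):
    """Return 'pass' or 'block' for a packet with source address src."""
    src = ip(src)
    for action, net in rules:
        if src in net:
            return action
    return "block"   # implicit default deny


# Routing table entries are (destination network, next hop); next hop None means
# the network is directly attached. Longest prefix wins; 0.0.0.0/0 is the default.
UT_ROUTES_BEFORE = [(PF1_LAN_NET, None),
                    (IPv4Network("0.0.0.0/0"), PF1_LAN_IP)]
UT_ROUTES_AFTER = UT_ROUTES_BEFORE + [(n, PF2_WAN_IP) for n in INNER_NETS]  # Problem 2 fix (assumed form)


def next_hop(routes, dst):
    """Longest-prefix-match lookup; returns the address the frame is sent to."""
    dst = ip(dst)
    best = None
    for net, gw in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None                       # no route at all
    net, gw = best
    return dst if gw is None else gw      # directly attached -> deliver to dst itself


def summarize():
    """Side-by-side result of the two fixes for a host on LAN1."""
    return {
        "inner_host_default_rules": rule_verdict(DEFAULT_LAN_RULES, "192.168.1.10"),
        "inner_host_fixed_rules": rule_verdict(FIXED_LAN_RULES, "192.168.1.10"),
        "ut_to_inner_before": str(next_hop(UT_ROUTES_BEFORE, "192.168.1.10")),
        "ut_to_inner_after": str(next_hop(UT_ROUTES_AFTER, "192.168.1.10")),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Running it prints `block`/`pass` for the stock versus extended LAN rules and `192.168.100.1`/`192.168.100.5` for the UT's next hop before and after the static route, which is the behaviour the update describes. The same two checks apply whenever a second router is placed behind a pfSense LAN: any rule written against "LAN net" covers only the directly attached subnet, and every device in the middle that originates or answers traffic needs its own route back to the inner subnets.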
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.