• Hi folks,

    Is it possible to do NAT for 2 different LANs/subnets, with a separate network card for each subnet, using only one WAN IP? I want to segment the computers in my network so the divisions cannot access each other.

    I already have 6 interfaces in the computer, and I'm planning to use 1 for the WAN interface, 1 for the 192.168.5.* segment, and 1 for the 192.168.1.* segment. Is that possible on pfsense? Currently the firewall runs on OpenBSD 3.6's pf and the above is working fine. But after seeing the features of pfsense I'm interested in migrating, as OpenBSD is hard to maintain and pfsense has more features and is easier to set up thanks to the web management interface.



  • pfsense does NAT by default for any internal subnet going outside to WAN (if you want to change that behavior you have to use advanced outbound NAT and specify your own mappings). To block the different internal subnets against each other you just have to create some block rules followed by an allow to any rule at firewall>rules in the webgui.

  • Thanks for the reply :)
    So it means that if I set the LAN interface to ste1 with 192.168.5.* and set the OPT1 interface to ste2 with 192.168.1.*, the firewall automatically NATs all requests from each interface to WAN? I will try that tomorrow.


  • exactly.
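
The setup discussed in this thread, written out as a pf ruleset sketch. This is an added example, not a post from the thread and not the rules pfsense itself generates. It assumes `ste0` is the WAN interface (the thread names only `ste1` and `ste2`), that both segments are /24 networks, and it uses the older `nat on ... ->` syntax.

```pf
# Added example. Assumptions: ste0 = WAN (hypothetical), /24 masks.
ext_if  = "ste0"                # WAN, holds the single public IP
lan_if  = "ste1"                # LAN
opt_if  = "ste2"                # OPT1
lan_net = "192.168.5.0/24"
opt_net = "192.168.1.0/24"

# One outbound NAT rule covers both internal subnets.
# ($ext_if) in parentheses tracks the WAN address if it changes.
nat on $ext_if from { $lan_net, $opt_net } to any -> ($ext_if)

# Default deny for anything not explicitly passed below.
block in all

# "quick" makes the first matching rule final, which mirrors the
# top-down order of rules on an interface tab in the webgui.
# The block must therefore come BEFORE the allow-to-any rule.

# LAN: no access to OPT1, everything else allowed.
block in quick on $lan_if from $lan_net to $opt_net
pass  in quick on $lan_if from $lan_net to any keep state

# OPT1: no access to LAN, everything else allowed.
block in quick on $opt_if from $opt_net to $lan_net
pass  in quick on $opt_if from $opt_net to any keep state
```

If the allow-to-any rule sits above the block rule on either interface, traffic to the other subnet matches the allow first and the segments are not isolated. A quick check after applying the rules is to ping a host in the other subnet from each side and confirm it fails while Internet access still works.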