How to "NOT NAT traffic" sourcing from my internal network to a certain subnet



  • Hi, my company decided to switch ISPs and decided to buy from cBeyond a packaged internet solution which includes their own site-to-site VPN solution they call "On-Net VPN".  I had tried to convince my management to use pfSense's built-in VPN capability but the decision was made to go with cBeyond's packaged solution.

    Anyway, I still want to keep our pfSense firewalls for other purposes such as content filtering.

    That said, this is what cBeyond told me to do (via email) in order to keep our firewalls.

    "you will need to create a rule in the LAN router to NOT NAT traffic sourcing from your internal network destinated to 192.255.100.0/24. This rule specifically states that the internal source address will not be replaced with the WAN IP address."

    My question is what do I actually have to do to "NOT NAT traffic"?



  • Just go to:
    FIREWALL - NAT - OUTBOUND

    There you will use "Manual Outbound NAT rule generation" and click save
    then delete all outbound rules out of the list if any exist. Save.

    That's all. Now pfsense is routing only with firewall capabilities.

    If you would like to disable NAT AND firewall just go to:
    SYSTEM - ADVANCED - NETWORK/NAT:
    Disable Firewall

    Hope this will help you.

    PS: If you disable NAT your provider or the router ahead of pfsense needs static routes to your LANs behind pfsense.



  • Thank you for your quick reply!!!!

