Netgate Discussion Forum

    NAT & Gateway on different machines

    • Floh

      Hi,
      We're using 2 pfSense on different machines with 2 different IPs. We're running servers (Web, Mail, etc.) which have 1 gateway stored. Not every server is using the same gateway (it depends on the physical connection).
      Now I have a server that uses pfSense01 as its gateway, and I set up NAT on pfSense02. But it's not accessible from outside (IP of pfSense02).

      What should I do in that case?
      cu Floh

      1 Reply Last reply Reply Quote 0
      • GruensFroeschli

        If you want to use a different router for inbound traffic than the default gateway of the servers you need to do some kind of source NATing.

        You can do this by:
        Firewall --> NAT --> Outbound
        Enable manual rule generation.
        Create a new rule with:
        Interface: LAN
        Source: any
        Destination: server_you_want_to_access.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • Floh

          @GruensFroeschli:

          If you want to use a different router for inbound traffic than the default gateway of the servers you need to do some kind of source NATing.

          You can do this by:
          Firewall --> NAT --> Outbound

          Do you mean as follows?
          Internet -> pfSense02 -> pfSense01 -> internal Server

          cu Floh

          1 Reply Last reply Reply Quote 0
          • GruensFroeschli

            I don't follow you.
            From your previous description your setup looks like this:

            Internet ---------- pfSense1 ----\
                                              \            |---- Server_x
                                               Switch -----|---- Server_y
                                              /            |---- Server_z
            Internet ---------- pfSense2 ----/

            If Server_x has pfSense1 as its default gateway and you want to connect to Server_x per NAT via pfSense2, then you need to set up source NATing as I described before.

            1 Reply Last reply Reply Quote 0
            • Floh

              Yep, you understood it right. So I have to create some rules as you suggested on pfSense02, but no change on pfSense01 is needed, right?

              1 Reply Last reply Reply Quote 0
              • GruensFroeschli

                Yes.

                1 Reply Last reply Reply Quote 0
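
The asymmetric return path discussed in this thread, as an added example that is not part of any post: a toy Python model of why the port forward on pfSense2 fails while the server's default gateway is pfSense1, and why rewriting the source address on pfSense2's LAN interface fixes it. All IP addresses and the `trace` function are constructed for illustration; this is a simplified model, not pfSense code.

```python
"""Toy model (constructed addresses) of the two-firewall topology in this thread."""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
CLIENT = ip_address("203.0.113.50")    # Internet client (constructed)
PF1_LAN = ip_address("192.168.1.1")    # pfSense1: the server's default gateway
PF2_WAN = ip_address("198.51.100.2")   # pfSense2: holds the port forward
PF2_LAN = ip_address("192.168.1.2")
SERVER = ip_address("192.168.1.10")    # Server_x


def trace(source_nat: bool) -> dict:
    """Follow one inbound connection and its reply; return what each hop saw."""
    # Inbound: the client hits pfSense2's WAN address and the port forward
    # rewrites the destination to the server.
    src, dst = CLIENT, SERVER
    # Optional outbound NAT on pfSense2's LAN interface rewrites the source.
    if source_nat:
        src = PF2_LAN
    # pfSense2 keeps the translation in its state table (simplified to a dict).
    pf2_state = {(dst, src): CLIENT}

    # The server replies to whatever source address it saw.
    seen_by_server = src
    reply_src, reply_dst = SERVER, seen_by_server
    # Server routing: on-link addresses are reached directly, everything
    # else is handed to the default gateway (pfSense1).
    next_hop = reply_dst if reply_dst in LAN else PF1_LAN
    via = "pfSense2" if next_hop == PF2_LAN else "pfSense1"

    # Only the firewall that holds the state can undo the translation.
    if via == "pfSense2" and (reply_src, reply_dst) in pf2_state:
        return {"server_saw": str(seen_by_server), "reply_via": via,
                "client_gets_reply_from": str(PF2_WAN), "works": True}
    # pfSense1 never saw the inbound packet, so it has no matching state.
    return {"server_saw": str(seen_by_server), "reply_via": via,
            "client_gets_reply_from": None, "works": False}


if __name__ == "__main__":
    for mode in (False, True):
        print("source NAT on pfSense2 LAN:", mode, trace(mode))
```

Note the `server_saw` field: with source NAT enabled, the server's logs record pfSense2's LAN address instead of the real client address, so client attribution has to come from pfSense2's own logs.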