NAT Pfsense wan in other lan

  • Hi,

    Just started with a pfsense box on our company 2.0 RC3.

    For a test lab we installed a pfsense box with lan 172.18.x.x the wan side is in our corporate lan 172.20.x.x (wan ip

    Everything is working fine except sometimes we see the source ip of a client from the 172.18.x.x network is showed as source ip

    Is there an option to keep the original source ip addresses without turning off nat on the pfsense box.

    Thanks in advance.

  • any idea on this issue?

  • If you don't want your pfSense to NAT the IPs behind its LAN interface, goto Firewall -> NAT -> Outbound and check Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) and remove the auto-generated rules.

    Depending on your topology and requirements, you might also need to tinker with firewall rules (e.g. pfsense by default comes with a rule that blocks private RFC 1918 network IPs on its WAN) and static routes.

  • okay i give it a try.

    There is also an option do not nat in the auto nat created rules.

    Where is this option used for?

  • Rules are processed from top to down.

    If you want to NAT your network out, but want to exclude a single IP.
    1. rule, noNAT -> single IP
    2. rule, NAT -> your network

    The single IP would not be NATd, but the rest of the network would.

  • Hi Jannus,

    I think I'm having the same problem as you.  See ->,41743.0.html

    Did you ever get this issue resolved?  If so, what worked for you?


Log in to reply