My NAT acting more like a bridge than NAT [SOLVED]

  • I've been banging my head against the wall on this for a few days.  Unfortunately, I'm not having much luck searching the forum for this problem, because I'm not sure what search terms describe the problem I'm having.

    I'll do my best to explain it here succinctly.

    My configuration:
    version: pfSense 2.0-Release

    –----LAN-------pfSense-------WAN----- ----------

    I have removed the "Block private networks" option from the WAN interface.
    Outbound NAT is configured to automatically create rules, although I have tried switching to AON also.

    The Problem:
    If a client on the LAN (ie: makes an HTTP connection to a web server on the WAN's network (ie:  The  web server receives the request, but it is coming from the address, rather than the pfSense WAN interface IP as I would expect.

    What I want to happen:
    I want any requests from the LAN side that go through the router to appear to be coming from the router's WAN ip address.  I expected that a default installation of pfSesnse would NAT in a way similar to a Linksys router.

    Can anyone help point me in the right direction?  What is this type of NAT called?  Are there any tutorials I should be aware of?

    Thank you so much for reading this!

  • Adding additional info.

    I've created the following outbound NAT rule (see attached image)

    It still isn't working though.  When I start a ping from my client ( and do a tcpdump on the WAN interface of the pfsense box, the address is still being passed through.

    06:32:28.464638 IP > ICMP echo request, id 20013, seq 1079, length 64

    If my WAN interface is, shouldn't that be showing up in the source address here?

    I'm very puzzled.  I would really appreciate any help you guys can provide!

    Thank you!

  • OMG - I'm such an idiot.

    I'm not sure why the default rules didn't work for me, but I figured out what my problem was.

    I looked at another pfsense install's default NAT rules and realized that the default outbound NAT rule for LAN to WAN is applied to the WAN interface…. (just like the hint says - Duh.)

    Anyway, I switched the rule from LAN to WAN... and it works exactly as I expect it would.

    Honestly, just explaining the problem on the forum helped me understand the problem enough to reach a solution on my own.  Thanks for just giving me a place to figure this out.. lol.

    I love pfSense. :)


Log in to reply