NAT with Cisco switch as gateway



  • I'm having a difficult time understanding the need to have pfsense as the gateway for the NAT'd device.

    My setup included a DSL modem that is bridged to the pfsense appliance.

    The pfsense has the public IP address on the WAN interface. I set up a port forward for anything destined to the WAN on port 443 to forward to my internal device.

    The internal device sits on a VLAN that the pfsense has the ability to reach; however, the device has a gateway that points to the Cisco switch that handles all VLAN routing.

    The default gateway of the Cisco switch is the pfsense appliance. I guess from a networking side I don't see why the gateway needs to be pfsense, as all the traffic should flow back to the pfsense in the end if it's leaving the network.

    My NAT isn't working at the current time and the only thing I could figure is everyone says to make sure pfsense is the gateway, but why is my question. Any help would be greatly appreciated!



  • If the Cisco switch is doing the VLAN routing there isn't a need to have the device pointed to pfsense for the gateway. My guess would be to check your routing or your firewall rules on the pfsense box.



  • By saying routing you mean that you have an L3 switch?
    Which Catalyst do you have and what is the config in it?



  • If the return route goes back to the pfSense machine, then you should not have to set the pfSense as the gateway. I would verify setup on pfSense by pointing the system to the pfSense machine as its gateway. If it works, then you might have a routing problem in the Cisco. If it does not, then there is a setup problem within pfSense that needs to be resolved.
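    The return-path argument in the reply above, as an added example that is not part of the original thread: a small Python routing model of the topology described (constructed addresses, and the node names pfsense, cisco and server are assumptions) that traces a port-forwarded flow in both directions and reports whether the server's reply comes back through the box holding the NAT state. It also shows the case where the Cisco default route points elsewhere, which is when the reply bypasses pfSense and the forward breaks.

```python
import ipaddress

# Constructed topology modelled on the thread (all addresses are made-up examples,
# not values from the original post): pfSense holds the public IP on WAN and DNATs
# inbound 443 to an internal server; a Cisco L3 switch routes the VLANs and is the
# server's default gateway; the Cisco's own default route points at pfSense.
NAT_BOX = "pfsense"
SERVER_IP = "10.10.20.5"
CLIENT_IP = "198.51.100.7"          # an arbitrary host on the internet
HOSTS = {SERVER_IP: "server"}       # which node owns a directly attached address
EDGE = ("internet", "isp2")         # routers outside the model: hand off and stop

def build_routes(cisco_default="pfsense"):
    """Per-node routing tables as (prefix, next-hop node); 'self' = directly attached."""
    return {
        "pfsense": [("10.10.0.0/16", "cisco"), ("0.0.0.0/0", "internet")],
        "cisco": [("10.10.20.0/24", "self"), ("10.10.30.0/24", "self"),
                  ("0.0.0.0/0", cisco_default)],
        "server": [("10.10.20.0/24", "self"), ("0.0.0.0/0", "cisco")],
    }

def next_hop(routes, node, dst):
    """Longest-prefix match over one node's table."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in routes[node]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1]

def trace(routes, start, dst, max_hops=8):
    """Follow next hops from `start` until `dst` is delivered or leaves the model."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(routes, node, dst)
        if hop == "self":                 # delivered on a directly attached VLAN
            path.append(HOSTS.get(dst, dst))
            return path
        path.append(hop)
        if hop in EDGE:                   # handed to a router we do not model
            return path
        node = hop
    raise RuntimeError("routing loop: " + " -> ".join(path))

def reply_crosses_nat(routes):
    """The forward works only if the reply passes back through the NAT box, so the
    private source address can be rewritten to the public one again."""
    forward = ["internet"] + trace(routes, NAT_BOX, SERVER_IP)   # after DNAT on pfSense
    reverse = trace(routes, "server", CLIENT_IP)
    return NAT_BOX in reverse, forward, reverse
```

With the Cisco's default route at pfsense the reply path is server, cisco, pfsense, internet and the check passes; with it pointed at a second uplink the reply never reaches pfsense and the check fails, which is the only situation in which the server's gateway has to be changed.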



  • My bad!!! Well, not technically my bad, but my co-worker created a DNS record externally and was off by one number on the IP address. This was causing my tests to fail. All is well and pfsense was right on. Thanks for the quick replies all!



  • Hello all,
    I'm also facing a port forwarding and NAT problem;
    it's not working.

    My configuration is: go to Firewall - NAT - Port Forward - Interface: WAN - Protocol: TCP - Source: any, port range: any -
    Destination: WAN address - port 3389, target IP 172.16.17.145, target port 3389 - Save.
    Then I have to create a rule for LAN from any to LAN.

    Also, it's not working. Can anybody help me with this?

    Thanks a lot in advance.

    A Mohan Rao
    +91 98260 61122
    mohanrao83@gmail.com

