Help me: NAT OUT doesn't work



  • Hi all.
    When I read about the NAT section in pfSense, I tried to create one NAT OUT rule so that all clients in my internal network can access the Internet, but no client can access the Internet. The following is the configuration that I created:


    In my configuration, I disabled the firewall rule that lets all clients access the Internet, in order to try the NAT OUT feature. If I enable the rule, clients can access the Internet.
    Can you help me fix it? Thanks, all.



  • Correct me if I'm wrong, but that's the behavior I would expect.
    A NAT out rule just says what outgoing address you are using.

    As far as I know, pfSense blocks all traffic by default. So if you are disabling the outgoing firewall rule (Default allow LAN to any rule), your pf will block all outgoing connections.

    So the configuration should be read like this:
    block all (INVISIBLE)
    allow from to …
    allow ...



  • Your firewall works the way you've set it up.
    What do you want to achieve?



  • NAT and rules are two different things. If you block the traffic, which is what you're doing, it doesn't matter what you're doing with NAT.



  • So what is the difference between a rule allowing all users to access the Internet and NAT OUT?



  • With NAT, the computer's IP address changes, like
    192.168.0.1 -> pfsense -> 200.223.1.25 (sorry if I got someone's IP address)

    Without NAT, pfSense can work like a router, so you can connect between different (V)LANs
    192.168.0.1 -> pfsense -> still 192.168.0.1, but the connected device is on the 10.10.10.0/23 subnet

    With firewall rules you determine what traffic is allowed to pass through
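
The distinction discussed in this thread, as an added example that is not part of any poster's reply and is not pfSense code: a simplified Python model in which filtering and outbound NAT are two separate steps. The names `PassRule`, `NatOutRule` and `forward`, the single default-deny step, and the addresses `203.0.113.10` and `10.10.10.5` are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class PassRule:          # hypothetical: filter rule allowing a source network
    src_net: str

@dataclass(frozen=True)
class NatOutRule:        # hypothetical: outbound NAT mapping
    src_net: str
    translate_to: str

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def forward(src, pass_rules, nat_rules):
    """Return (verdict, source address the destination sees)."""
    # Step 1, filtering: with no matching pass rule the default deny wins,
    # so any NAT rule is irrelevant for this packet.
    if not any(in_net(src, r.src_net) for r in pass_rules):
        return ("blocked", None)
    # Step 2, outbound NAT: only chooses the source address of allowed traffic.
    for r in nat_rules:
        if in_net(src, r.src_net):
            return ("passed", r.translate_to)
    return ("passed", src)   # plain routing, address unchanged

# Constructed sample values (documentation address used for the WAN side).
LAN_NET = "192.168.0.0/24"
WAN_ADDR = "203.0.113.10"
CLIENT = "192.168.0.1"

def scenarios():
    allow = [PassRule(LAN_NET)]
    nat = [NatOutRule(LAN_NET, WAN_ADDR)]
    return {
        "nat_only": forward(CLIENT, [], nat),          # the original poster's setup
        "rule_only": forward(CLIENT, allow, []),       # routed, not translated
        "rule_and_nat": forward(CLIENT, allow, nat),   # allowed and translated
        "outside_lan": forward("10.10.10.5", allow, nat),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:13} -> {result}")
```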

