Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Help me with NAT OUT don't work

    NAT
    4
    6
    2039
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      ltrgiang last edited by

      Hi all.
      When I read NAT field in pfSense, I tried to created 1 NAT OUT for all clients in my internal network can access to Internet, but all client cann't access to Internet, follow is configure that I created:


      In my configuration, I disabled firewall rule for all client access to Internet to try NAT OUT feature. If I enabled the rule, client can access to Internet
      Can you help me to fix it, thanks all.

      1 Reply Last reply Reply Quote 0
      • S
        samstre last edited by

        correct me if i'm wrong, but thats the behavior i would expect.
        nat out rule just says what outgoing address you are using.

        as far as i know pfsense blocks all traffic by default. so if you are disabling the outgoing firewall rule (Default allow LAN to any rule), your pf will block all outgoing connections.

        so the configuration should be read like this:
        bock all (INVISIBLE)
        allow from to …
        allow ...

        1 Reply Last reply Reply Quote 0
        • M
          Metu69salemi last edited by

          Your firewall works like you've done setups.
          What do you want to achieve?

          1 Reply Last reply Reply Quote 0
          • C
            cmb last edited by

            NAT and rules are two different things. If you block the traffic, which is what you're doing, it doesn't matter what you're doing with NAT.

            1 Reply Last reply Reply Quote 0
            • L
              ltrgiang last edited by

              So what diffrence between rule allow all user can access to internet with NAT OUT

              1 Reply Last reply Reply Quote 0
              • M
                Metu69salemi last edited by

                with nat computer change ip-address, like
                192.168.0.1 -> pfsense -> 200.223.1.25(sorry if I got someones ip-address)

                Without NAT pfsense can work like router, so you can connect between different (v)lan's
                192.168.0.1 -> pfsense -> still 192.168.0.1, but connected device is on 10.10.10.0 /23 subnet

                With firewall rules you determine, what trafic is allowed to passthrough

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post