Netgate Discussion Forum

Need help to configure a routing pfSense Box without NAT

    viniciusferrao
    last edited by Sep 11, 2012, 8:22 PM

    Hello People,

    I'm trying to set up a pfSense box to take over firewalling and routing.

    Here is my actual scenario:

    WAN --> MyFirewallBox --> Nortel Layer3 Switch with Routing --> MySubnets.

    All my subnets have real IP addresses; the FirewallBox runs an old Linux with some kind of legacy gated for static leases for the /26 subnets.

    So I have questions and I'm accepting suggestions on how to reimplement this. Here are my considerations:

    1. I don't need NAT. Not at this time, but I would like to use it later. Perhaps I'll need some VLANs?
    2. I don't know with my FirewallBox runs this gated... I can post the configuration here if needed.
    3. Should my pfSense Box do the routing instead of the Nortel?
    4. There's another Layer3 router serving other subnets.
    5. Should I increase the network range to something more aggressive, like /22 or /20?
    6. My public IPs: (Sorry for masquerading initial octets)

        xxx.yyy.36.0 /24
        xxx.yyy.37.0 /24
        xxx.yyy.40.0 /24
        xxx.yyy.136.0 /24
        xxx.yyy.137.0 /24
        xxx.yyy.138.0 /24
        xxx.yyy.139.0 /24
        zzz.www.244.0 /24 (Offline at this moment)
    

    How my infrastructure works: client A has an IP address of xxx.yyy.37.11; the connection goes through this scheme:

    Client A -----> Nortel Layer 3 (multiple IP addresses) -----> MyFirewall -----> WAN.

    I'm trying to understand everything. I already got this infra ready and I want to understand it better and put better software to manage this. So basically I just want some advice on how to configure pfSense to do routing and firewalling without NAT. And in the future, when I need NAT, what are the requirements to do this? Do I need another network interface only for NAT clients? May I set some VLAN to those?

    Thanks for any help and sorry for English mistakes.

      johnpoz LAYER 8 Global Moderator
      last edited by Sep 11, 2012, 8:29 PM

      To completely disable NAT to have a routing-only firewall, do the following.

      Go to the Firewall -> NAT page, and click the Outbound tab.
          Select the option "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save.
          Remove all automatically generated NAT rules at the bottom of the screen.
          Apply changes

      To completely disable NAT and all firewall function from all interfaces, do the following. Note that you will skip the previous section ("Disable NAT") when taking this approach.

      Go to the System: Advanced page and click the Firewall / NAT tab.
          Check the box to "Disable Firewall / Disable all packet filtering."
          Save changes.

      http://doc.pfsense.org/index.php/Outbound_NAT

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        viniciusferrao
        last edited by Sep 11, 2012, 8:41 PM

        @johnpoz:

        To completely disable NAT to have a routing-only firewall, do the following.

        Go to the Firewall -> NAT page, and click the Outbound tab.
            Select the option "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save.
            Remove all automatically generated NAT rules at the bottom of the screen.
            Apply changes

        To completely disable NAT and all firewall function from all interfaces, do the following. Note that you will skip the previous section ("Disable NAT") when taking this approach.

        Go to the System: Advanced page and click the Firewall / NAT tab.
            Check the box to "Disable Firewall / Disable all packet filtering."
            Save changes.

        http://doc.pfsense.org/index.php/Outbound_NAT

        I'm aware of this documentation. But I can't put it to work correctly. As an example, I can't find the right place to define the static routes.

          johnpoz LAYER 8 Global Moderator
          last edited by Sep 11, 2012, 8:47 PM

          system -> routing - routes

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
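
To check the outcome of the steps above (manual outbound NAT with every rule removed, plus static routes under System -> Routing), the following added example audits a configuration backup; it is not part of the thread or of pfSense. The sample XML is constructed, its element names are assumed to follow the layout of a pfSense config.xml export, 10.20 stands in for the masked xxx.yyy octets, and the gateway name NORTEL_L3 is hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. Element names are assumed to follow a pfSense config.xml
# export; 10.20 stands in for the masked xxx.yyy octets; NORTEL_L3 is hypothetical.
SAMPLE_CONFIG = """<pfsense>
  <nat><outbound>
    <mode>advanced</mode>
    <rule><interface>wan</interface><descr>leftover generated rule</descr></rule>
  </outbound></nat>
  <staticroutes>
    <route><network>10.20.36.0/23</network><gateway>NORTEL_L3</gateway></route>
    <route><network>10.20.136.0/22</network><gateway>NORTEL_L3</gateway></route>
  </staticroutes>
</pfsense>"""

# The /24s behind the Layer 3 switch, taken from the list in the first post.
SUBNETS = [f"10.20.{o}.0/24" for o in (36, 37, 40, 136, 137, 138, 139)]


def summarize(subnets):
    """Return the fewest prefixes that cover exactly the given subnets."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def audit(config_xml, subnets):
    """List what still stands between this config and NAT-free routing."""
    root = ET.fromstring(config_xml)
    findings = []
    # Assumption: a missing <mode> means automatic rule generation.
    mode = root.findtext("nat/outbound/mode", default="automatic")
    rules = root.findall("nat/outbound/rule")
    if mode in ("automatic", "hybrid"):
        findings.append(f"outbound NAT mode is '{mode}': generated rules still translate")
    elif mode == "advanced" and rules:
        findings.append(f"{len(rules)} manual outbound NAT rule(s) remain")
    routes = [ipaddress.ip_network(r.findtext("network"))
              for r in root.findall("staticroutes/route")]
    for net in map(ipaddress.ip_network, subnets):
        if not any(net.subnet_of(r) for r in routes):
            findings.append(f"no static route covers {net}")
    return findings


if __name__ == "__main__":
    print("routes needed:", summarize(SUBNETS))
    for finding in audit(SAMPLE_CONFIG, SUBNETS):
        print("FINDING:", finding)
```

The summary shows that the seven listed /24s need only three static routes toward the switch; the audit flags the leftover NAT rule and the one subnet the sample routes miss.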

            stephenw10 Netgate Administrator
            last edited by Sep 11, 2012, 10:04 PM

            Looking at your diagram it seems more likely that your existing device is configured as a transparent firewall.
            Does that seem possible?

            Steve
