Netgate Discussion Forum

    Need help to configure a routing pfSense Box without NAT

    • V
      viniciusferrao
      last edited by

      Hello People,

      I'm trying to set up a pfSense box to take over firewalling and routing.

      Here is my actual scenario:

      WAN --> MyFirewallBox --> Nortel Layer3 Switch with Routing --> MySubnets.

      All my subnets have real IP addresses; the FirewallBox runs an old Linux with some kind of legacy gated for static leases for the /26 subnets.

      So I have questions and I'm accepting suggestions on how to reimplement this. Here are my considerations:

      1. I don't need NAT. Not at this time, but I would like to use it later. Perhaps I'll need some VLANs?
      2. I don't know with my FirewallBox runs this gated... I can post the configuration here if needed.
      3. Should my pfSense Box do the routing instead of the Nortel?
      4. There's another Layer3 router serving other subnets.
      5. Should I increase the network range to something more aggressive, like /22 or /20?
      6. My public IPs: (Sorry for masquerading initial octets)

          xxx.yyy.36.0 /24
          xxx.yyy.37.0 /24
          xxx.yyy.40.0 /24
          xxx.yyy.136.0 /24
          xxx.yyy.137.0 /24
          xxx.yyy.138.0 /24
          xxx.yyy.139.0 /24
          zzz.www.244.0 /24 (Offline at this moment)
      

      How my infrastructure works: client A has an IP address of xxx.yyy.37.11; the connection goes through the scheme:

      Client A -----> Nortel Layer 3 (multiple IP addresses) -----> MyFirewall -----> WAN.

      I'm trying to understand everything. I already got this infra ready and I want to understand it better and put better software in place to manage it. So basically I just want some advice on how to configure pfSense to do routing and firewalling without NAT. And in the future, when I need NAT, what are the requirements to do this? Do I need another network interface only for NAT clients? May I set some VLAN for those?

      Thanks for any help and sorry for English mistakes.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        To completely disable NAT to have a routing-only firewall, do the following.

        Go to the Firewall -> NAT page, and click the Outbound tab.
            Select the option "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save.
            Remove all automatically generated NAT rules at the bottom of the screen.
            Apply changes

        To completely disable NAT and all firewall function from all interfaces, do the following. Note that you will skip the previous section ("Disable NAT") when taking this approach.

        Go to the System: Advanced page and click the Firewall / NAT tab.
            Check the box to "Disable Firewall / Disable all packet filtering."
            Save changes.

        http://doc.pfsense.org/index.php/Outbound_NAT

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
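
The two procedures in the reply above end in different places: one leaves a filtering router without NAT, the other leaves a router that filters nothing. The sketch below is an added example, not part of the thread or of pfSense itself, that audits an exported `config.xml` for both states and lists the static routes. The element paths (`nat/outbound/mode`, `nat/outbound/rule`, `system/disablefilter`, `staticroutes/route`) and the "automatic" default are assumptions about the backup layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real backup. Element names are assumptions
# about the config.xml layout; check them against your own export.
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <outbound>
      <mode>advanced</mode>
      <rule>
        <interface>wan</interface>
        <source><network>192.0.2.0/24</network></source>
      </rule>
    </outbound>
  </nat>
  <staticroutes>
    <route>
      <network>198.51.100.0/24</network>
      <gateway>L3SWITCH</gateway>
    </route>
  </staticroutes>
</pfsense>"""


def audit_routing_only(xml_text):
    """Return (findings, routes) for a box meant to route and filter without NAT."""
    root = ET.fromstring(xml_text)
    findings = []

    # Assumption: a missing <mode> element means automatic outbound NAT.
    mode = root.findtext("nat/outbound/mode", default="automatic")
    rules = root.findall("nat/outbound/rule")
    if mode in ("automatic", "hybrid"):
        findings.append(f"outbound NAT mode is '{mode}': rules are still auto-generated")
    elif mode == "advanced" and rules:
        findings.append(f"manual outbound NAT still has {len(rules)} rule(s) to remove")

    # Assumption: presence of this element means the checkbox is ticked.
    if root.find("system/disablefilter") is not None:
        findings.append("packet filtering is disabled: the box routes but does not firewall")

    routes = [(r.findtext("network"), r.findtext("gateway"))
              for r in root.findall("staticroutes/route")]
    if not routes:
        findings.append("no static routes defined for subnets behind a downstream router")
    return findings, routes
```
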

        • V
          viniciusferrao
          last edited by

          @johnpoz:

          To completely disable NAT to have a routing-only firewall, do the following.

          Go to the Firewall -> NAT page, and click the Outbound tab.
              Select the option "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save.
              Remove all automatically generated NAT rules at the bottom of the screen.
              Apply changes

          To completely disable NAT and all firewall function from all interfaces, do the following. Note that you will skip the previous section ("Disable NAT") when taking this approach.

          Go to the System: Advanced page and click the Firewall / NAT tab.
              Check the box to "Disable Firewall / Disable all packet filtering."
              Save changes.

          http://doc.pfsense.org/index.php/Outbound_NAT

          I'm aware of this documentation. But I can't put it to work correctly. As an example, I can't find the right place to define the static routes.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            system -> routing - routes


            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Looking at your diagram it seems more likely that your existing device is configured as a transparent firewall.
              Does that seem possible?

              Steve

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.