The Dreaded Double NAT



  • OK, so here is my setup, which I suppose is a double NAT. Before people suggest I change this, just know I cannot, due to my roommate and his work, so please don't suggest it; I know it's the best option :-)

    So here is my setup…

    Modem (NOT in bridged mode, so essentially a NAT) (192.168.0.1) ----> WAN (192.168.0.3) PFSENSE LAN (192.168.1.1) ------> Wireless Router (192.168.1.2) (Doing DHCP Forward) -------> PC (IP 192.168.1.100) (Gateway 192.168.1.1)

    So the PC seems to be just connecting to the wireless AP and interacting with the pfSense; the webConfigurator is accessible. I cannot ping the modem at the start of this network line, and obviously I cannot call out to the internet. How would I set this up so that systems on the wireless AP (the LAN) can call out to the internet, and therefore I am just using pfSense as a firewall/NAT?

    Thanks for your help in advance :)



  • Get rid of double NAT.  ;D
    Just kidding.

    On the WAN interface, under "Private networks", you will see check-marks that basically block the WAN from communicating with any RFC1918 (Class A, B, & C) networks. This is a good security measure, but since your WAN lies in RFC1918 space I would recommend disabling that to start with.

    Also, you probably need to make sure that you have the proper gateway pointing to your first NAT device. This is done under System >> Routing.

    Also, you can completely disable NAT in pfSense under System >> Advanced >> Firewall/NAT. Note that this supposedly disables the firewall as well, which may or may not be what you want to do.



  • You could also change from automatic NAT to manual and remove any rules. This will keep the FW rules in place. This is called a routed solution. Your upstream devices just need a route to make sure that any traffic to and from your LAN net (in pfSense) goes to the correct gateway. Otherwise, you just have to make sure that you allow traffic from the different subnet behind pfSense.
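
    The two replies above describe three knobs: the WAN gateway (System >> Routing), the WAN "Block private networks" option, and automatic outbound NAT versus a routed setup with manual NAT and no rules. The following is an added path-tracing model of the poster's topology, not pfSense code and not something either reply posted. It uses the addresses from the first post; the modem's routing behaviour (own LAN, any static routes, everything else to the ISP), the internet target 203.0.113.10 (TEST-NET-3) and the helper names `PfSense`, `Modem`, `trace_from_pc`, `unsolicited_from_wan_allowed` and `audit` are assumptions made for the illustration. It walks one flow from the PC out and its reply back, and shows why the routed variant fails until the modem has a route to 192.168.1.0/24 via 192.168.0.3.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

IP, Net = ipaddress.ip_address, ipaddress.ip_network
RFC1918 = [Net(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Addresses from the thread; the internet host (TEST-NET-3) is a constructed target.
MODEM_IP, MODEM_NET = IP("192.168.0.1"), Net("192.168.0.0/24")  # first NAT device
PF_WAN_IP = IP("192.168.0.3")                                   # pfSense WAN
PF_LAN_NET = Net("192.168.1.0/24")                              # pfSense LAN
PC_IP = IP("192.168.1.100")                                     # client behind the AP
INTERNET_HOST = IP("203.0.113.10")


def is_rfc1918(ip) -> bool:
    ip = IP(ip)
    return any(ip in n for n in RFC1918)


@dataclass
class PfSense:
    wan_gateway: Optional[ipaddress.IPv4Address] = None  # System >> Routing
    outbound_nat: bool = True          # automatic outbound NAT (default)
    block_private_on_wan: bool = True  # WAN "Block private networks" (default)


@dataclass
class Modem:
    """Assumed upstream behaviour: the modem knows its own LAN plus any static
    routes; everything else is sent towards the ISP."""
    routes: dict = field(default_factory=dict)  # ip_network -> next-hop address

    def next_hop(self, dst):
        if dst in MODEM_NET:
            return "direct"
        for net, gw in self.routes.items():
            if dst in net:
                return gw
        return "isp"


def trace_from_pc(pf, modem, dst):
    """Follow one flow PC -> dst and its reply back. Returns (ok, why)."""
    dst = IP(dst)
    # 1. Non-local destinations need the WAN gateway set under System >> Routing.
    if dst not in MODEM_NET and pf.wan_gateway is None:
        return False, "pfSense has no WAN gateway for non-local destinations"
    # 2. With outbound NAT the modem only ever sees the WAN address; in routed
    #    mode it sees the PC's LAN address and must know how to get back to it.
    reply_to = PF_WAN_IP if pf.outbound_nat else PC_IP
    hop = modem.next_hop(reply_to)
    if hop == "isp":
        return False, f"modem has no route to {reply_to}; reply goes to the ISP and is lost"
    if not (hop == "direct" or hop == PF_WAN_IP):
        return False, f"modem sends the reply to {hop} instead of pfSense"
    # 3. The reply matches the state pf created for the outbound packet, so the
    #    WAN rules (including "Block private networks") are not consulted for it.
    return True, f"reply for {reply_to} reaches pfSense ({hop})"


def unsolicited_from_wan_allowed(pf, src):
    """A new connection arriving on WAN with no existing state: the "Block
    private networks" option drops RFC1918 sources. Other WAN rules ignored."""
    return not (pf.block_private_on_wan and is_rfc1918(src))


def audit(pf, modem):
    """Return (code, message) findings for the double-NAT setup."""
    findings = []
    if pf.wan_gateway is None:
        findings.append(("NO_GATEWAY",
                         "set the WAN gateway to the modem under System >> Routing"))
    if pf.block_private_on_wan and is_rfc1918(PF_WAN_IP):
        findings.append(("BLOCK_PRIVATE_ON_RFC1918_WAN",
                         "WAN sits in RFC1918 space: anything the modem initiates towards it is dropped"))
    if not pf.outbound_nat and modem.next_hop(PC_IP) != PF_WAN_IP:
        findings.append(("ROUTED_NEEDS_UPSTREAM_ROUTE",
                         f"routed mode: modem needs a static route {PF_LAN_NET} via {PF_WAN_IP}"))
    return findings


if __name__ == "__main__":
    for name, pf, modem in [
        ("default pfSense, no gateway", PfSense(), Modem()),
        ("NAT with gateway", PfSense(wan_gateway=MODEM_IP), Modem()),
        ("routed, modem has no route", PfSense(wan_gateway=MODEM_IP, outbound_nat=False), Modem()),
        ("routed, modem has route", PfSense(wan_gateway=MODEM_IP, outbound_nat=False),
         Modem(routes={PF_LAN_NET: PF_WAN_IP})),
    ]:
        print(name, "->", trace_from_pc(pf, modem, INTERNET_HOST), audit(pf, modem))
```

    Note that in the model the reply to the PC's own outbound traffic is never subject to "Block private networks", because pf matches the return packet against the state created on the way out before it evaluates the WAN ruleset; the option only matters for connections the modem side initiates towards pfSense.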

