Netgate Discussion Forum
    BUG: Cannot turn off NAT on WAN port

      xbmcg

      Hello everybody.

      I have trouble turning off the NAT engine.

      Mode:

      • Automatic outbound NAT rule generation (IPsec passthrough included) deselected
      • Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) SELECTED
      • all mapping rules deleted
      • changes saved and applied accordingly

      According to this:

      Note:
      With automatic outbound NAT enabled, a mapping is automatically created for each interface's subnet (except WAN-type connections) and the rules on this page are ignored.
      If manual outbound NAT is enabled, outbound NAT rules will not be automatically generated and only the mappings you specify on this page will be used.
      If a target address other than a WAN-type interface's IP address is used, then depending on the way the WAN connection is setup, a Virtual IP may also be required.
      To completely disable outbound NAT, switch to Manual Outbound NAT then delete any NAT rules that appear in the list.

      However, I am always exposed with the WAN Interface address to the outside (still got NAT-ed).

      When I disable the firewall in the advanced settings, I am routed properly to the target with my IP address.

      As soon as I re-enable the Firewall, I get NAT-ed again.

      Seems to be a BUG in the UI (not all rules are shown) or in the description of how to turn off NAT.

      Any help appreciated.

      :'(

        cmb

        It works fine as described. If you have Squid enabled with transparent proxying, that will by its nature change the source IP on any proxied traffic. Otherwise you just have to do as described:
        http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F#Disable_NAT

          xbmcg

          Thank you.

          I have not installed squid, but the HAVP service. The Proxy is set to transparent - however it seems not to be transparent, but NAT-ing.
          If I disable transparent AV scanning, the firewall routed me accordingly.

          Maybe this needs to be mentioned somewhere in the documentation.

            jimp Rebel Alliance Developer Netgate

            "Transparent" proxying means transparent to the client - meaning, they don't need to change their settings.

            It does not mean it is transparent to the network.

            Anything that proxies is going to change the source address to that of the proxy (without some hacked-up Linux-proprietary tproxy mojo going on).

            That's just how proxies work by their nature. The proxy is the one requesting the pages from the servers, not the client.

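A way to tell the two cases in this thread apart from the firewall shell, as an added example that is not part of any post above: it classifies the translation rules printed by `pfctl -s nat`, separating real outbound NAT from a redirect into a local proxy. It assumes the transparent proxy is wired in through an `rdr` rule pointing at a loopback listener; the interface names, addresses and port in the sample are constructed.

```shell
#!/bin/sh
# Added example. On the firewall: pfctl -s nat | classify_pf_translation

classify_pf_translation() {
    awk '
        # pf itself rewrites the source address: outbound NAT is still active.
        $1 == "nat" { nat++; print "OUTBOUND-NAT: " $0; next }
        # Redirect to loopback: a local proxy accepts the connection and opens
        # its own one to the server, so the server sees the firewall address
        # even though no nat rule exists (assumed wiring, see lead-in).
        $1 == "rdr" && $0 ~ /-> 127\.0\.0\.1/ {
            proxy++; print "PROXY-INTERCEPT: " $0; next
        }
        # Any other redirect is an ordinary inbound port forward.
        $1 == "rdr" { fwd++; print "PORT-FORWARD: " $0; next }
        END {
            printf "summary nat=%d proxy_intercept=%d port_forward=%d\n",
                   nat, proxy, fwd
        }
    '
}

# Constructed sample of `pfctl -s nat` output: manual outbound NAT with no
# mappings, a transparent proxy redirect, and one port forward.
sample_rules() {
cat <<'EOF'
no nat proto carp all
rdr on em1 inet proto tcp from any to ! (em1) port = http -> 127.0.0.1 port 3125
rdr on em0 inet proto tcp from any to 203.0.113.10 port = https -> 192.168.1.20
EOF
}

# Last line of the report, for scripting.
summary() { sample_rules | classify_pf_translation | tail -n 1; }

sample_rules | classify_pf_translation
```

A report with `nat=0` and a non-zero `proxy_intercept` matches what the thread describes: outbound NAT is off, and the source address changes because the proxy originates the connection.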