1:1 NAT
-
Generally speaking, I'm pretty good with VPNs and NAT and all the networking stuff. But for some reason I'm having trouble with this.
Oversimplified description:
I have a pfsense device whose sole function is to do NAT between a 10.x.x.x/24 network and a 192.168.x.x/24 network. I connected the WAN side to 10.x.x.x/24, and the LAN is 192.168.x.x/24. Ideally, I would like a range of IPs to be 1:1 NAT'd in both directions, and all traffic passed. But since that was proving more difficult than expected, I'm aiming low now, just trying to get SOMEthing to work.
I went into NAT. No port forwarding. No 1:1. Outbound automatic.
I went into Interfaces / WAN. Clear the checkboxes for blocking private and bogon networks.
I went into Firewall Rules. The WAN and LAN interfaces each have one rule: permit everything.
By using packet capture on pfsense I monitor traffic while I do this:
Using a 192.168.x.x client, I set a static route to the 10.x.x.x network via the pfsense box. I ping a 10.x.x.x client.
In the packet capture, I see the ICMP Echo Request come in the LAN interface. I see the Echo Request go out the WAN interface, successfully NAT'd to the 10.x.x.x IP address of pfsense. I see the Echo Reply come back. But the Echo Reply does not go to the 192.168.x.x network. It seems pfsense NAT is forgetting about the connection, or firewall blocking.
I go to System Logs / Firewall. (Clear the log, repeat the above tests). Nothing new appearing in the log.
-
Not sure what changed. I just ran through the Setup Wizard, entering all the same stuff that was already there. And then it started working. Maybe it just needed a reboot?