Netgate Discussion Forum

    NAT Help

    4 Posts 2 Posters 2.4k Views
      adambmedent

      Looking to use pfsense as a core router in our network.  Looking to isolate 5 networks and use pfsense to provide routing between the networks.

      10.80.x <- Server LAN
      10.75.x <- Wireless
      10.70.x <- PC LAN
      192.168.99.x <- Lab Network
      65.114.41.x <- Production Network

      The 10.80.x network is going to have the default gateway.  I can communicate just fine from a device behind pfsense to all other networks but the 65.114.41.x.  I can ping machines on the 65.114.41.x network from pfsense but not from a device behind pfsense.

      Currently we run a CentOS machine to act as our gateway to the 65.114.41.x network; this machine simply masquerades all 10.80.x traffic to the 65.114.41.x IP.  I would like to achieve the same idea with pfsense but so far I am not having the best luck.  I disabled all NAT to see if that would work but that also didn't seem to help.

      I also verified that it's not the firewall on the receiving device.  I don't get any traffic from the device behind pfsense when using tcpdump.  If I ping from pfsense I can see the traffic in the tcpdump, not sure what is stopping the traffic on pfsense.  I also tried disabling the firewall altogether in the advanced settings.

      I appreciate the input!

        johnpoz LAYER 8 Global Moderator

        Which one of those interfaces in pfsense is the WAN interface?  The 10.80, since you have a gateway on it?

        I would turn off NAT and make sure you're not blocking private networks.

        Confused about your statement of your CentOS box, so it's doing NAT from 10.80 to this 65.114.41 network?


          adambmedent

          @johnpoz:

          Which one of those interfaces in pfsense is the WAN interface?  The 10.80, since you have a gateway on it?

          I would turn off NAT and make sure you're not blocking private networks.

          Confused about your statement of your CentOS box, so it's doing NAT from 10.80 to this 65.114.41 network?

          I actually just reconfigured and left DHCP as the WAN interface, then placed the 10.80.x network on the LAN interface and 65.114.41.x on the OPT1 interface.

          The CentOS box is doing Linux masquerading which simply masq's all source traffic as the outgoing interface.  I don't think this is the same as NAT, but I could be wrong.

          I would think the following would at least make things work.
          Disable all packet filtering.
          Note: This converts pfSense into a routing only platform!
          Note: This will also turn off NAT!
          If you only want to disable NAT, and not firewall rules, visit the Outbound NAT page.

            adambmedent

            I had routing on my devices pointing to another 65.x router.  As soon as I change this, all is well.  I appreciate the input!
