NAT Help



  • Looking to use pfsense as a core router in our network.  Looking to isolate 5 networks and use pfsense to provide routing between the networks.

    10.80.x <- Server LAN
    10.75.x <- Wireless
    10.70.x <- PC LAN
    192.168.99.x <- Lab Network
    65.114.41.x <- Production Network

    The 10.80.x network is going to have the default gateway.  I can communicate just fine from a device behind pfsense to all other networks but the 65.114.41.x.  I can ping machines on the 65.114.41.x network from pfsense but not from a device behind pfsense.

    Currently we run a CentOS machine to act as our gateway to the 65.114.41.x network, this machine simply masquerades all 10.80.x traffic to the 65.114.41.x IP.  I would like to achieve the same idea with pfsense but so far I am not having the best luck.  I disabled all NAT to see if that would work but that also didn't seem to help.

    I also verified that it's not the firewall on the receiving device.  I don't get any traffic from the device behind pfsense when using tcpdump.  If I ping from pfsense I can see the traffic in the tcpdump, not sure what is stopping the traffic on pfsense.  I also tried disabling the firewall altogether in the advanced settings.

    I appreciate the input!


  • LAYER 8 Global Moderator

    Which one of those interfaces in pfsense is the WAN interface?  the 10.80 since you have a gateway on it?

    I would turn off NAT and make sure you're not blocking private networks

    Confused about your statement of your CentOS box, so it's doing NAT from 10.80 to this 65.114.41 network?



  • @johnpoz:

    Which one of those interfaces in pfsense is the WAN interface?  the 10.80 since you have a gateway on it?

    I would turn off NAT and make sure you're not blocking private networks

    Confused about your statement of your CentOS box, so it's doing NAT from 10.80 to this 65.114.41 network?

    I actually just reconfigured and left DHCP as the WAN interface, then placed the 10.80.x network on the LAN interface and 65.114.41.x on the OPT1 interface.

    The CentOS box is doing Linux masquerading which simply masq's all source traffic as the outgoing interface.  I don't think this is the same as NAT, but I could be wrong.

    I would think the following would at least make things work.
    Disable all packet filtering.
    Note: This converts pfSense into a routing only platform!
    Note: This will also turn off NAT!
    If you only want to disable NAT, and not firewall rules, visit the Outbound NAT page.



  • I had routing on my devices pointing to another 65.x router.  As soon as I change this, all is well.  I appreciate the input!
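
Added example, not part of the thread: a small route-lookup model of why a ping sourced from pfSense (or masqueraded to its address) gets a reply while an un-NATed 10.80.x source does not until the far host has a route back. It assumes one reading of the last post (production hosts whose gateway was another 65.x router); the prefix lengths and all host addresses are constructed.

```python
import ipaddress as ip

# Constructed addressing: the thread gives only "10.80.x" and "65.114.41.x".
# Prefix lengths and every host address below are assumptions.
LAN_NET = ip.ip_network("10.80.0.0/16")
PROD_NET = ip.ip_network("65.114.41.0/24")
DEFAULT = ip.ip_network("0.0.0.0/0")
LAN_CLIENT = ip.ip_address("10.80.0.25")
PFSENSE_OPT1 = ip.ip_address("65.114.41.2")   # pfSense address on the production net
OTHER_ROUTER = ip.ip_address("65.114.41.1")   # the "other 65.x router"

ON_LINK = None  # route with no gateway: deliver straight to the destination


def first_hop(routes, dst):
    """Longest-prefix match over (network, gateway) routes; returns the
    address the packet is handed to first."""
    net, gw = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen)
    return dst if gw is ON_LINK else gw


def source_seen(client, masquerade):
    """Masquerading is source NAT to the outgoing interface address."""
    return PFSENSE_OPT1 if masquerade else client


def reply_returns_via_pfsense(host_routes, client, masquerade):
    """Does the production host's reply go back to the box that forwarded it?"""
    return first_hop(host_routes, source_seen(client, masquerade)) == PFSENSE_OPT1


# Production host whose only gateway is the other router (assumed pre-fix state).
before_fix = [(PROD_NET, ON_LINK), (DEFAULT, OTHER_ROUTER)]
# Same host with a return route for the LAN pointing at pfSense.
after_fix = before_fix + [(LAN_NET, PFSENSE_OPT1)]

if __name__ == "__main__":
    for name, routes in (("before", before_fix), ("after", after_fix)):
        for nat in (True, False):
            ok = reply_returns_via_pfsense(routes, LAN_CLIENT, nat)
            print(f"{name:6} masquerade={nat!s:5} reply via pfSense: {ok}")
```

With masquerading the source is on-link for the production host, so its gateway setting never matters; in routing-only mode every production host (or its gateway) needs a route for 10.80.x that points at pfSense.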

