NAT for a not-directly connected subnet



  • Hello,
    I'm testing a pfsense (1.2 RC2) to divide (and NAT) my office network from my server network.
    For standard features (WAN with 1 public address, LAN with 1 private address like 192.168.56.1/255.255.248.0) all is working fine and I can NAT my private network (192.168.56.0/255.255.248.0) without problems.
    I also need to NAT a second network for a remote office.
    This remote office is connected by a router that's physically connected to the "LAN" switch, and uses another private class (192.168.32.0/255.255.248.0).
    The configuration is the following:
    Remote office PCs use 192.168.32.x IP addresses and use 192.168.32.1 as default gateway (the Ethernet interface of the remote p2p router).
    The point-to-point remote router uses my point-to-point local router as default gateway.
    My point-to-point local router is connected to my LAN switch and has the local IP address 192.168.56.3/255.255.248.0 on its LAN interface.
    The default gateway of the point-to-point local router is 192.168.56.1 (the LAN interface of my pfsense).
    In my pfsense I have a static route for 192.168.32.0/255.255.248.0 that uses 192.168.56.3 as gateway.

    About routing, all is working fine (from a PC in the remote site, I can reach my pfsense) but my pfsense cannot NAT remote (192.168.32.0/255.255.248.0) IP addresses, even though I'm sure that I created correct NAT rules.
    Does somebody know if it's possible to do that?
    Is there some kind of bug in the latest pfsense?
    Thank you.
    Marco.



  • It's possible, and it's done automatically if you aren't using advanced outbound NAT.  Definitely not any bugs related to that in 1.2, I do exactly what you're talking about and it works fine.



  • Hi,

    I have the same issue:

    WAN -> pfSense (192.168.1.254) <--> LAN 1: 192.168.1.0/255.255.255.0 <--> (192.168.1.214) Gateway (192.42.14.254) <-- LAN 2: 192.42.0.0/255.255.0.0

    NAT from LAN 1 to WAN is OK.
    Pings between LAN 1 and LAN 2 are OK; pfSense sees machines in LAN 2 too.

    In static routes, I have:
    Interface  Network        Gateway        Description
    LAN        192.42.0.0/16  192.168.1.214  Sous-Réseau Salle 14

    But I can't access the WAN from LAN 2 (with automatic outbound NAT).

    I switched outbound NAT to manual and set a new rule, so I have this (the first one is from the automatic config):

    Interface  Source          Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
    WAN        192.42.0.0/24   *            *            *                 *            *         NO           Salle 14
    WAN        192.168.1.0/24  *            *            *                 *            *         NO           Auto created rule for LAN

    With this, PCs on LAN 2 can resolve names, but don't access the web...

    It's very strange, and after many tests, I can't find how to resolve this.

    Do you have any idea for this?? I'm beginning to get very desperate about this (2 days on this...).

    Thanks

    Jérôme



  • @ender:

    In static routes, I have:
    Interface  Network        Gateway        Description
    LAN        192.42.0.0/16  192.168.1.214  Sous-Réseau Salle 14

    You are routing to 192.42.0.0/16, but only NATing 192.42.0.0/24…
    @ender:

    Interface  Source          Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
    WAN        192.42.0.0/24   *            *            *                 *            *         NO           Salle 14
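    The mismatch pointed out above (a /16 static route but only a /24 outbound NAT source) is easy to miss in the GUI, so here is a small checker for it. This is an added example, not code from the thread or from pfSense; it assumes the route and NAT tables as constructed below (taken from Jérôme's posts) and uses only the standard library's ipaddress module.

```python
import ipaddress

# Constructed from the thread: Jérôme's static route and his manual outbound NAT rules.
STATIC_ROUTES = [("LAN", "192.42.0.0/16", "192.168.1.214")]
OUTBOUND_NAT = [("WAN", "192.42.0.0/24"), ("WAN", "192.168.1.0/24")]
# The same NAT table after widening the source to match the static route.
OUTBOUND_NAT_FIXED = [("WAN", "192.42.0.0/16"), ("WAN", "192.168.1.0/24")]


def uncovered_parts(routed, nat_sources):
    """Sub-blocks of `routed` that no NAT source network covers.

    CIDR blocks either nest or are disjoint, so each NAT source either
    swallows a remaining block, carves a hole out of it, or misses it.
    """
    remaining = [routed]
    for src in nat_sources:
        kept = []
        for block in remaining:
            if block.subnet_of(src):
                continue                      # whole block gets translated
            if src.subnet_of(block):          # src strictly inside block
                kept.extend(block.address_exclude(src))
            else:
                kept.append(block)
        remaining = kept
    return sorted(remaining)


def audit(static_routes, nat_rules, wan_if="WAN"):
    """Map each routed network to the parts of it that leave `wan_if` untranslated."""
    sources = [ipaddress.ip_network(s) for iface, s in nat_rules if iface == wan_if]
    findings = {}
    for _iface, net, _gw in static_routes:
        gaps = uncovered_parts(ipaddress.ip_network(net), sources)
        if gaps:
            findings[net] = [str(g) for g in gaps]
    return findings


def is_translated(host, static_routes, nat_rules, wan_if="WAN"):
    """True if `host` lies in a routed network and some outbound NAT source covers it."""
    ip = ipaddress.ip_address(host)
    sources = [ipaddress.ip_network(s) for iface, s in nat_rules if iface == wan_if]
    routed = any(ip in ipaddress.ip_network(n) for _i, n, _g in static_routes)
    return routed and any(ip in src for src in sources)


if __name__ == "__main__":
    for net, gaps in audit(STATIC_ROUTES, OUTBOUND_NAT).items():
        print(f"route {net}: not NATed -> {', '.join(gaps)}")
```

    With the original tables the checker lists eight untranslated blocks of 192.42.0.0/16 (everything except 192.42.0.0/24), which is where the LAN 2 client 192.42.14.198 mentioned later in the thread falls; with the widened rule it reports nothing.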



  • Hi,

    I had seen that and corrected it, but it still doesn't work...



  • I have done more tests, and one new issue is that, from the client 192.42.14.198 (LAN 2), I can't traceroute the pfSense gateway, and from the pfSense gateway, I can't traceroute the client on LAN 2.
    The traceroute stops at my LAN1/LAN2 gateway, but the ping works!!

    Can it come from my LAN1/LAN2 gateway? Here is its configuration:

    
    qw-14:/home/jerome# ifconfig
    eth0      Lien encap:Ethernet  HWaddr 00:50:04:1D:B0:7C  
              inet adr:192.168.1.214  Bcast:192.168.1.255  Masque:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2140 errors:0 dropped:0 overruns:0 frame:0
              TX packets:766 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 lg file transmission:1000 
              RX bytes:179096 (174.8 KiB)  TX bytes:89501 (87.4 KiB)
              Interruption:11 Adresse de base:0xa000 
    
    eth1      Lien encap:Ethernet  HWaddr 00:01:03:03:9F:AF  
              inet adr:192.42.14.254  Bcast:192.42.255.255  Masque:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:501 errors:0 dropped:0 overruns:47 frame:0
              TX packets:117 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 lg file transmission:1000 
              RX bytes:69929 (68.2 KiB)  TX bytes:10950 (10.6 KiB)
              Interruption:5 Adresse de base:0x2400 
    
    qw-14:/home/jerome# route
    Table de routage IP du noyau
    Destination     Passerelle        Genmask          Indic   Metric  Ref    Use  Iface
    192.168.1.0     *                     255.255.255.0    U        0         0        0    eth0
    192.42.0.0      *                      255.255.0.0        U        0         0        0    eth1
    default          192.168.1.254   0.0.0.0              UG       0         0        0    eth0
    
    qw-14:/home/jerome# cat /proc/sys/net/ipv4/conf/all/forwarding 
    1
    
    
