NAT for a not-directly connected subnet

mgreflex

Hello,
I'm testing a pfsense (1.2 RC2) to divide (and nat) my office network from my server network.
For standard features (wan with 1 public address, lan with 1 private address like 192.168.56.1/255.255.248.0) all is working fine and I can nat my private network (192.168.56.0/255.255.248.0) without problems.
I need also to NAT a second network for a remote office.
This remote office is connected by a router that's phisically connected to the "LAN" switch, and use another private class (192.168.32.0/255.255.248.0).
The configuration is the following:
Remote office PCs use 192.168.32.x IP addresses and use 192.168.32.1 as default gateway (the ethernet interface of the remote p2p router)
point-to-point remote router use my point-to-point local router as default gateway.
my point-to-point local router is connected to my LAN switch and has got local IP address 192.168.56.3/255.255.248.0 in LAN interface
Default gateway of the point-to-point local router is 192.168.56.1 (the LAN interface of my pfsense)
In my pfsense I have a static route for 192.168.32.0/255.255.248.0, that use 192.168.56.3 as gateway.

About routing, all is working fine (from a PC in remote site, I can reach my pfsense) but my pfsense cannot NAT remote (192.168.32.0/255.255.248.0) Ip addresses, even if I'm sure that I create correct NAT rules.
Does somebody know if it's possible to do that?
Is there some kind of bug in latest pfsense?
Thank you.
Marco.

cmb

It's possible, and it's done automatically if you aren't using advanced outbound NAT.  Definitely not any bugs related to that in 1.2, I do exactly what you're talking about and it works fine.

ender

Hi,

I have the same issue :

Wan -> Pfsense (192.168.1.254) <–> Lan 1 : 192.168.1.0/255.255.255.0 <---> (192.168.1.214) Gateway (192.42.14.254) <-- Lan 2 : 192.42.0.0/255.255.0.0

Nat from Lan 1 to Wan is ok
ping between lan 1 and lan 2 are ok. pfsense see machine in Lan 2 too

un static route, I have :
Interface  Network                    Gateway              Description
LAN          192.42.0.0/16  192.168.1.214  Sous-Réseau Salle 14

But i can't access Wan From Lan 2 (with automatic outbound NAT).

I switch NAT outbound to manual, and st a new rules, so i have this ( the first one is from automatic config) :

Interface  Source  Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description 
WAN        192.42.0.0/24   *                   *                       *                     *                   *                  NO              Salle 14
WAN        192.168.1.0/24   *                   *                       *                     *                   *                  NO              Auto created rule for LAN

With this,  Pcs one Lan 2 can resolve ns, but dn't  access the web ..

It's very strange, and after many test, i can't  find how to resolve this.

Did you have any idée for this?? i begin to be very desesperate about this (2 days one this..)

thanks

Jérôme

dotdash

@ender:

un static route, I have :
Interface  Network                    Gateway              Description
LAN          192.42.0.0/16  192.168.1.214  Sous-Réseau Salle 14

You are routing to 192.42.0.0/16, But only NATing 192.42.0.0/24…
@ender:

Interface  Source  Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description 
WAN        192.42.0.0/24   *                   *                       *                     *                   *                  NO              Salle 14

ender

hi,

have see that, and corect it, but still don't work ..

ender

I hav proceed to more tests, and on new issue is that, from the client 192.42.14.198 (LAN2), i can't traceroute the pfsense gateway, and from the pfsense gateway, i can't traceroute the client on LAN2.
The traceroutestop à my LAN1/LAN2 gateway, but the ping  works!!

Can it com]e from my LAN1/LAN2 gateway? here is its configuton :

qw-14:/home/jerome# ifconfig
eth0      Lien encap:Ethernet  HWaddr 00:50:04:1D:B0:7C  
          inet adr:192.168.1.214  Bcast:192.168.1.255  Masque:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2140 errors:0 dropped:0 overruns:0 frame:0
          TX packets:766 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          RX bytes:179096 (174.8 KiB)  TX bytes:89501 (87.4 KiB)
          Interruption:11 Adresse de base:0xa000 

eth1      Lien encap:Ethernet  HWaddr 00:01:03:03:9F:AF  
          inet adr:192.42.14.254  Bcast:192.42.255.255  Masque:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:501 errors:0 dropped:0 overruns:47 frame:0
          TX packets:117 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          RX bytes:69929 (68.2 KiB)  TX bytes:10950 (10.6 KiB)
          Interruption:5 Adresse de base:0x2400 

qw-14:/home/jerome# route
Table de routage IP du noyau
Destination     Passerelle        Genmask          Indic   Metric  Ref    Use  Iface
192.168.1.0     *                     255.255.255.0    U        0         0        0    eth0
192.42.0.0      *                      255.255.0.0        U        0         0        0    eth1
default          192.168.1.254   0.0.0.0              UG       0         0        0    eth0

qw-14:/home/jerome# cat /proc/sys/net/ipv4/conf/all/forwarding 
1