Basic Assistance Needed with NAT



  • I know that this is beneath the abilities of many on these forums as I have read through many of the posts.  I'm new to networking and REALLY new to pfSense.  Here's my problem:

    I am working on setting up a proof of concept on a wireless access point.

    I have a pfSense box with 3 NICs but only two are really in use.
    1 - WAN setup on an external IP with a Gateway
    2 - LAN setup on 192.168.200.1/21

    I have a static WAP device setup on 192.168.200.3

    I have DHCP setup to hand out IPs in the 192.168.200.0/21 to 192.168.201.254/21 range.

    I am able to connect to my WAP and receive an IP from the pool.  I am even able to get to the internet on the first PC that receives an IP.  However, all other IPs are rejected from internet traffic.  I expect that this is due to NAT.  I tried using the Automatic outbound NAT rule generation as I assume that what I'm doing is rock simple.  Wanting to forward all internal LAN IPs through the single external WAN IP is quite basic and that's why I'm at a total loss as to why this is not working.  I tried even the manual outbound rules but they too fail to allow traffic outside.

    Here are my current NAT settings:
    Mappings:

    Interface  Source            Source Port  Destination  Destination Port  NAT Address  NAT Port    Static Port  Description
    WAN        192.168.200.0/21  *            *            500               *            *           YES          Auto created rule for ISAKMP - LAN to WAN
    WAN        192.168.200.0/21  *            *            *                 *            *           NO           Auto created rule for LAN to WAN
    WAN        127.0.0.0/8       *            *            *                 *            1024:65535  NO           Auto created rule for localhost to WAN



  • The NAT looks fine. Make sure you add firewall rules on LAN from LAN subnet to *. Stick to a /24 subnet if you're new.



  • Have you disabled DHCP on your Access Point?



  • @KurianOfBorg:

    The NAT looks fine. Make sure you add firewall rules on LAN from LAN subnet to *. Stick to a /24 subnet if you're new.

    I have set this up.

    I went with a /21 network because that's one of the parameters I was asked to factor into the build.  I didn't really find the subnetting part to be all that difficult.  I can assure you though, on other test runs, I will stay on a .24 subnet to reduce the possible variable issues.



  • @panz:

    Have you disabled DHCP on your Access Point?

    Yes DHCP is disabled on the WAP.



  • Reset pfSense and try again. This should work out of the box after creating a WAN connection using just the wizard.



  • @KurianOfBorg:

    Reset pfSense and try again. This should work out of the box after creating a WAN connection using just the wizard.

    Yea, I figured it out once I saw that you thought everything looked good.  I went back to the simple basics… and then I realized that I was a moron and forgot to set the DNS server in the General Setup.  Plugged it in and wouldn't you know it... it works.

