Dual WAN, Static WAN IPs and outgoing nat

  • Hello,

    within the doc it is not clearly written, so may i ask for this info please.

    Ive a DUAL WAN setup with Loadbalancing and Failover pools.
    Both WANs (WAN, OPT1) each of them connecting with static IPs to routers which dialin to my ISPs (getting dynamic IPs).

    Do i need outbound NAT Rules on WAN and OPT1 at pfsense for this ? If yes maybe there is DOUBLE NAT, because the routers which dialin to my ISPs already "must" NAT ? Just wondering …

    Thanks for the info

  • http://doc.pfsense.org/index.php/MultiWanVersion1.2  is the doc you should be following

    You do not need outbound NAT rules. pfSense deals with the NAT stuff by itself

  • Thank you for your reply sai,
    but what i like to know is … and this is NOT written in the mentioned doc ... if i have a DOUBLE NAT scenario then. Could you point me out on this ?


  • If you have double NAT you dont need to do anything on the pfSense.
    For the pfSense it doesnt matter if the WAN-side IP is in a network you control or if it's a public IP.

    2 things you have to watch out for:

    • If the subnet between your pfSense and your modem lies within a private range you need to configure on the WAN-config-page that private networks are no longer being blocked (per default private networks are blocked on WAN).

    • If you want to host something behind the pfSense or want tu use upnp you need to make port-forwards on the router(the modemrouter) before your pfSense.

    In a config i have running i just have a NAT-mapping from 1-65535 to the WAN IP of the pfSense.

  • Thank you GruensFroeschli,

    i think i'll not touch my current configuration, i already insert the pfsense WAN-ports in my routers "exposed host" section.

    Afterwards i will change/remove the pfsense and try it with an hardware dual wan/loadbalancing router (Lancom 1811)

    Thanks all anyway for your answers

Log in to reply