    NAT with Multi Subnets

      woodjl1650

      New guy to pfSense…

      I am trying to configure my pfSense server to act as a gateway/firewall for my two Cisco routers. I am unable to gain internet connectivity from the routers as of now. Here is what I have:

                                            ----- HomeLAN Router 10.2.10.2 ----- FA0/1 192.168.1.5
      pfSense (10.2.10.1) ----> HP ProCurve --<
                                            ----- BackUpHomeLAN Router 10.2.10.3 ---- FA0/1 10.3.30.1

      I have full connectivity between the two routers and subnets, just not able to access the internet...

      I have no idea how to configure NAT or firewall rules to allow the 192.168.1.0 and the 10.3.30.0 networks to gain internet connectivity. I have only 2 NICs on my server, but that shouldn't be the issue, correct?

      What NAT rules and Firewall rules do I need in order to make this work?

      Thanks in advance for the help.

        doktornotor Banned

        You need to configure routes to 192.168.1.0/24 and 10.30.30.0/24 on pfSense, not mess with NAT. (BTW, double/multi-NAT sucks, why are you doing this in the first place…)

          johnpoz LAYER 8 Global Moderator

          Yeah, with doktornotor – multiple NATs should always be the LAST option, where there is no other way. Why you would NAT between RFC 1918 addresses in the same network is beyond me. Now if it was remote and you did not have control over their network, and they are overlapping on yours and you cannot renumber yours, which would be a better option than NATting ;) then OK.

          But from what your setup looks like, there should be no reason to NAT anything on the LAN side of pfSense - sure, let it NAT to the public internet. But for all your internal segments, just route. And use pfSense to create firewall rules between your segments as needed.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            woodjl1650

            So my issue wasn't NAT; I didn't have the correct gateways or routes established. Problem is now fixed, thanks for the advice, double NATing does seem like a nightmare…
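
Added example (not written by any poster in this thread): a small longest-prefix-match model of what the missing static routes mean for reply traffic arriving at pfSense. The subnets and router addresses are taken from the diagram in the first post; the "WAN default gateway" label and the sample host addresses are constructed.

```python
import ipaddress as ip

# Constructed model of pfSense's routing table. Addresses come from the
# diagram in the first post; "WAN" as the default route's exit is assumed.
CONNECTED = [("10.2.10.0/24", "LAN (directly connected)"),
             ("0.0.0.0/0", "WAN default gateway")]

# Static routes pointing each routed subnet at the Cisco router in front of it.
STATIC = [("192.168.1.0/24", "LAN via 10.2.10.2"),
          ("10.3.30.0/24", "LAN via 10.2.10.3")]

def lookup(table, dst):
    """Longest-prefix match: return the exit for dst, as a router would."""
    addr = ip.ip_address(dst)
    matches = [(ip.ip_network(net), hop) for net, hop in table
               if addr in ip.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def misrouted_replies(table, inside_hosts):
    """Inside hosts whose reply traffic pfSense would send out the WAN."""
    return [h for h in inside_hosts if lookup(table, h).startswith("WAN")]

# Constructed sample hosts, one per segment behind pfSense.
HOSTS = ["10.2.10.2", "192.168.1.50", "10.3.30.20"]

if __name__ == "__main__":
    for label, table in (("no static routes", CONNECTED),
                         ("with static routes", CONNECTED + STATIC)):
        print(label)
        for h in HOSTS:
            print(f"  reply to {h:<13} -> {lookup(table, h)}")
        print("  misrouted:", misrouted_replies(table, HOSTS))
```

Without the static routes, replies for hosts behind either Cisco router match only the default route and leave via the WAN, so those hosts never see an answer even though the routers can reach pfSense.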
