NAT with Multi Subnets



  • New guy to pfSense…

    I am trying to configure my pfSense server to act as a gateway/firewall for my two cisco routers.  I am unable to gain internet connectivity from the routers as of now.  Here is what I have:

    ----- HomeLAN Router 10.2.10.2  -----  FA0/1  192.168.1.5
    pfSense (10.2.10.1) ---->Hp ProCurve--<                                                             
                                                                      ----- BackUpHomeLAN Router 10.2.10.3 ---- FA0/1 10.3.30.1

    I have full connectivity between the two routers and subnets, just not able to access the internet...

    I have no idea how to configure NAT or firewall rules to allow the 192.168.1.0 and the 10.3.30.0 networks to gain internet connectivity.  I have only 2 NICS, on my server, but that shouldn't be this issue correct?

    What NAT rules and Firewall rules do I need in order to make this work?

    Thanks in advance for the help.


  • Banned

    You need to configure routes to 192.168.1.0/24 and 10.30.30.0/24 on pfSense, not mess with NAT. (BTW, double/multi-NAT sucks, why are you doing this in the first place…)


  • LAYER 8 Global Moderator

    Yeah with doktornotor – Multiple nats should always be LAST option, where there is no other way.  Why would you nat between rfc1918 address in the same network is beyond me.  Now if it was remote and you did not have control over their network, and they are overlapping on yours and you can not renumber yours which would be better option than Natting ;)  Then OK.

    But from what it looks like your setup there should be no reason to nat anything on the LAN side of pfsense - sure let it nat to the public internet..  But for all your internal segments just route.  And use pfsense to create firewall rules between your segments as needed.



  • So my issue wasn't NAT, I didn't have the correct gateways nor routes established.  Problem is now fixed, thanks for the advice, double NATing does seem like a nightmare….


Log in to reply