Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT not passing traffic from WAN-2

    NAT
    1
    1
    835
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      htsguru
      last edited by

      Running successfully pfSense 2.1.4, entire class 'C' with 1-WAN, 1-LAN, 3-DMZ currently.
      Attempting to transition LAN to private net and use 2nd WAN with 3 IP's from cable provider.
      Will move to future WAN failover, but simply putting a few local machines on separate net is current goal.
      NOT trying to do dual WAN now. Just need simple NAT for 2nd WAN to a few dedicated machines for now.

      current (working)…
      WAN-1: x.x.x.2/24 default gateway x.x.x.1 (to router) - shows Online
      LAN-1: x.x.x.65/26

      new (including above)...
      WAN-2: y.y.y.43/27 gateway y.y.y.33 (Cisco 3010 transparent bridge) - shows Online
      WAN-2: y.y.y.44/27 IP Alias
      WAN-2: y.y.y.45/27 IP Alias
      LAN-1: 192.168.43.1/24 Proxy ARP (I've tried IP Alias too)

      Turned on AON months ago.
      ADDED Outbound rule: WAN-2 net:192.168.43.0/24 any any any WAN-2 address any no (1st rule at top)

      • the rest of the outbound rules were auto generated for WAN-1 prior to WAN-2 config

      Rules (specific to NAT - existing class C rules work fine)...
      WAN-2: IPv4 192.168.43.0/24 any any any
      WAN-2: IPv4 any any 192.168.43.0/24
      WAN-2: IPv4 any any WAN-2 address
      WAN-2: IPv4 WAN-2 address any any any
      LAN-1: IPv4 192.168.43.0/24 any any any
      LAN-1: IPv4 any any 192.168.43.0/24

      I am running tcpdump on firewall box...
      WAN-2: y.y.y addresses
      LAN-1: 192.168.43 addresses

      host200: 192.168.43.200/24 gateway 192.168.43.1

      • test machine with only private net

      • ping y.y.y.33 from host200 - see ICMP echo request, but no reply on LAN-1
        (no web http replies or DNS replies either)

      • I see gateway ping checks on WAN-2

      • could ping 192.168.43.1 when using IP alias

      • now with IP Proxy, I can't ping 192.168.43.1

      • I can ping y.y.y.33 on WAN-2

      Simply looks like the NAT isn't passing between the private net and the WAN interface.
      Just trying to get .43 working now, I will add 192.168.44.0/24 and 192.168.45.0/24 NAT for other IP's later.

      I spent a week on this last November and just spent another 3 days on it now.
      I have scoured the forums and net, but I can't see what I'm doing wrong.
      I'm sure I've overlooked something !!

      Any help or guidance would be very much appreciated.

      BTW, pfSense is absolutely incredible. Better interface and more capability than the big expensive product we used for years prior.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.