How do you use a separate physical gateway to do NAT and pass it through pfsense



  • My situation is that I have a pfsense server doing captive portal/firewall etc and a local gateway which is a different router and plugs into the DSL modems. I would like this local gateway to perform NAT and then have the pfsense not do NAT and just route the packets through. The DHCP server will still be on pfsense but the assigned gateway IP would be the real Internet gateway.

    Let's make it like:

    LAN (192.168.0.1-192.168.0.253) - PFsense LAN Side (192.168.0.254) PFsense WAN side (192.168.1.1) WAN Router NAT (192.168.1.254) Internet

    So 'Wan Router' would be doing NAT only as otherwise it would do NAT to the pfsense box and then pfsense would do NAT to the LAN.

    As the pfsense would be acting more like a router I don't see the issue, but how would I set this up? First off, I can't easily pass packets from the WAN side to the LAN side, i.e. from the WAN router (192.168.1.1) I can't ping the PC 192.168.0.1. I have tried adding firewall rules to allow traffic through but would like to add routes, but on the routing page it says don't do this.

    Is this even a good thing to do? It seems like it would reduce one level of NAT in our network, but are there extra security concerns?

    Any help much appreciated!



  • Why don't you kick the router away and let pfSense do the whole work?

    If you want to use DHCP and captive portal on pfSense it would be inevitable to have different subnets configured at its interfaces, so it will have to do NAT also.