Netgate Discussion Forum

    How do you use a separate physical gateway to do NAT and pass it through pfsense

      timb0

      My situation is that I have a pfsense server doing captive portal/firewall etc and a local gateway which is a different router and plugs into the DSL modems. I would like this local gateway to perform NAT and then have the pfsense not do NAT and just route the packets through. The DHCP server will still be on pfsense but the assigned gateway IP would be the real Internet gateway.

      Let's make it like:

      LAN (192.168.0.1-192.168.0.253) - PFsense LAN Side (192.168.0.254) PFsense WAN side (192.168.1.1) WAN Router NAT (192.168.1.254) Internet

      So 'Wan Router' would be doing NAT only as otherwise it would do NAT to the pfsense box and then pfsense would do NAT to the LAN.

      As the pfsense would be acting more like a router I don't see the issue, but how would I set this up? First off, I can't easily pass packets from the WAN side to the LAN side, i.e. from the WAN router (192.168.1.1) I can't ping the PC 192.168.0.1. I have tried adding firewall rules to allow traffic through but would like to add routes, but on the routing page it says don't do this.

      Is this even a good thing to do? It seems like it would reduce one level of NAT in our network, but are there extra security concerns?

      Any help much appreciated!

        viragomann

        Why don't you kick the router away and let pfSense do the whole work?

        If you want to use DHCP and captive portal on pfSense it would be inevitable to have different subnets configured at its interfaces, so it will have to do NAT also.
