NAT Problem with different Segment

  • Hi Gurus of pfsense
    I have a problem with the configuration of my firewall (pfsense version 2.1.5)
    Let me explain the scenario of my network:
    I have a Switch Core with different VLAN created, for example:
    Vlan 1
    Vlan 10
    Vlan 20
    Vlan 80
    exist an interface (GigaEther1/1) that has this IP Address and the default gateway of the switch core is
    "ip route"

    The core Switch is connected to my firewall using the interface GigaEther1/1

    In my Firewall (pfsense) I configured the LAN Interface with the IP Address
    The WAN Interface was configurated wiht the parameters that my ISP gave me, like this WAN IP Address is a.b.c.18/28 and his default gateway is a.b.c.17
    Also I configured an route in System --> Gateway
    Name (LANGW)    Interface(LAN)        Gateway(

    Destination network (    Gateway(LANGW)

    The remaining parameters are set to default (NAT,etc)

    The problem is:
    From any host (like for example VLAN 10) I Observed that the ICMP not response (From my PC to Firewall) but I can access to WEB configuration (
    Another problem is that from any PC of any segment I cant not access to Internet (From My PC I tried a test of ICMP to, but  unsuccessfully)

    The Idea is that all computer of my network, Regardless of the segment in which theirs belong, go to internet using the Public IP Address  a.b.c.18/28

    Let me know is it a problem of NAT???, Or what else should I be doing wrong??

    I Appreciate  you suggestion/Comments

    For more practice I attached some diagrams
    Like the network
    IP address of the interfaces

    The rest of configured is setting by default

    As I mentioned the problem is that any user of the network can not access to Internet, what would by the problem. You thing that the problem would by the NAT Configuration (setting by default???)

    ![LAN Segment.jpg](/public/imported_attachments/1/LAN Segment.jpg)
    ![LAN Segment.jpg_thumb](/public/imported_attachments/1/LAN Segment.jpg_thumb)
    ![WAN Segment and DW Gateway.jpg](/public/imported_attachments/1/WAN Segment and DW Gateway.jpg)
    ![WAN Segment and DW Gateway.jpg_thumb](/public/imported_attachments/1/WAN Segment and DW Gateway.jpg_thumb)
    ![Default Gateway.jpg](/public/imported_attachments/1/Default Gateway.jpg)
    ![Default Gateway.jpg_thumb](/public/imported_attachments/1/Default Gateway.jpg_thumb)

  • Did you define VLAN in PFSENSE ? IF NOT then please make a set of rule to allow the IP address of the core switch to have internet access in your PFSense.

    ** If you define VLAN in PFsense then you do not need to make a route for

    PFSense acknowledge only the IP of your core switch not your VLAN IP.

  • LAYER 8 Netgate

    You don't need to add VLANs to pfSense.  They're all on your switch.

    The firewall rules on pfSense LAN probably have to be adjusted to allow traffic from  If your source network in your LAN pass rule is any, you don't need to do anything.  If it's LAN net or, you need to change it to  That will allow traffic into LAN from all your subnets, not just LAN net.

    The NAT rules in Firewall->NAT probably have to be adjusted to NAT for  You will have to go to outbound, set manual outbound, save, then change the rules from to so pfSense will NAT all your subnets, not just its LAN net.

    And that should be all you need.

  • Thanks Derelict!!!!!
    The Changes were:
    NAT Rules - Static configuration from my LAN to my Public IP.
    . If I want to reach any IP from my LAN Network, the firewall must be return the traffic to the switch.
    And also I must be change the LAN from  to

    After these change my network are function correctly!!!!
    Very thanks!!!!!!!!!!

Log in to reply