Netgate Discussion Forum

Problem with NAT on different subnet

  • E
    edoosan
    last edited by Nov 13, 2014, 11:08 AM

    Hello everyone,

    My pfSense has a public IP on the WAN; its IP on the LAN is 192.168.1.253.
    It has 12 static routes configured (working), reached through another router with LAN IP 192.168.1.254 (not run by me).
    I need to NAT port 81 of my public IP to a server that resides in one of the 12 subnets.

    I have configured the Port Forward in the following way:

    WAN interface
    any source
    Destination IP WAN
    Destination port 81
    Redirect target IP 192.168.10.230
    Redirect target port 81

    The NAT does not work this way until I enable Manual Outbound NAT and create an SNAT rule like this:

    LAN interface
    any source
    destination 192.168.10.230
    destination port 81
    translation interface address

    This way I can reach the server on port 81 from the outside, but the internal routing between subnets is not working.
    Can someone help me understand?

    Thanks
    • P
      phil.davis
      last edited by Nov 13, 2014, 6:20 PM

      Your pfSense has a public WAN.
      I guess that the other router at LAN IP 192.168.1.254 also has some other public internet interface - i.e. it does not use your LAN and pfSense to transit traffic to the internet.
      If that is true, then when you do a normal port forward to a server behind that router, the incoming traffic reaches the destination, but the replies from the server go back out to the internet via the other path. pfSense does not see traffic flowing back, so the state is "unbalanced" and soon times out and thus the client out on the public internet stops working.

      When you NAT on the way out of pfSense onto LAN, it then looks to the internal subnets as if the traffic came from the pfSense LAN IP. That internal router can correctly deliver packets back to the pfSense LAN IP, so traffic for the state goes happily through pfSense in both directions.

      but the internal routing between subnets is not working

      Exactly what is not working?
      Did it stop working when you added the NAT out of pfSense LAN?

      (others feel free to answer - I will be offline most of the next 24 hours)

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
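
The return-path reasoning in the reply above, as an added example that is not part of the original thread: a small Python model of the internal router's route lookup for the server's reply, with and without the SNAT rule on the pfSense LAN. The router's routing table, its default route via its own uplink (the guess stated in the reply) and the client address 203.0.113.50 are assumptions constructed for illustration.

```python
import ipaddress

VIA_LAN = "LAN segment shared with pfSense"
VIA_UPLINK = "router's own internet uplink"

# Constructed routing table for the internal router at 192.168.1.254.
# Assumption taken from the reply: its default route is its own uplink,
# not the pfSense LAN address.
ROUTER_ROUTES = [
    ("192.168.1.0/24", VIA_LAN),
    ("192.168.10.0/24", "server subnet"),
    ("0.0.0.0/0", VIA_UPLINK),
]

PFSENSE_LAN = "192.168.1.253"
SERVER = "192.168.10.230"
CLIENT = "203.0.113.50"  # constructed public client (documentation range)


def next_hop(dst, routes):
    """Longest-prefix match: return the label of the route chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), via) for net, via in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forwarded_packet(client, snat_on_lan):
    """Packet leaving pfSense LAN after the port forward rewrote the destination."""
    src = PFSENSE_LAN if snat_on_lan else client
    return {"src": src, "dst": SERVER, "dport": 81}


def reply_path(client, snat_on_lan):
    """Route the internal router picks for the server's reply."""
    pkt = forwarded_packet(client, snat_on_lan)
    # The server answers whatever source address it saw on the request.
    return next_hop(pkt["src"], ROUTER_ROUTES)


def state_sees_both_directions(client, snat_on_lan):
    """The pfSense state stays balanced only if replies return via its LAN."""
    return reply_path(client, snat_on_lan) == VIA_LAN


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT on LAN:", snat, "-> reply leaves via", reply_path(CLIENT, snat))
```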

      • E
        edoosan
        last edited by Nov 14, 2014, 4:28 PM

        Many thanks for your reply,

        OK, with manual outbound NAT enabled and the SNAT rule, I can reach
        the server on port 81 perfectly from the outside.

        However, the subnet 192.168.2.x/24 does not reach server 192.168.1.200 on port 80.
        Instead, if I enable automatic outbound NAT, I can reach the server 192.168.1.200 on port 80 perfectly, but not the server 192.168.10.230 on port 81.

        What am I forgetting?

        Thanks again
