4. Problem whit NAT on different subnet

Problem whit NAT on different subnet

  • E

    Hello everyone,

    my pfsense has a public IP on the WAN, its IP on the LAN is 192.168.1.253
    has 12 static routes configured (working) reached through another router with a LAN IP 192.168.1.254 (not run by me)
    I should do a NAT port 81 of my public IP on a server that resides in one of the 12 subnets.

    I have configured the Port Forward in the following way:

    WAN interface
    any source
    Destination IP WAN
    Destination port 81
    Redirect target IP 192.168.10.230
    Redirect target port 81

    The nat in this way does not work as inactive until the Manual Outbound NAT and create the SNAT rule like this:

    LAN interface
    any source
    destination 192.168.10.230
    destination port 81
    translation interface address

    This way I can from the outside to reach the server on port 81, but the internal routing between subnets is not working
    Can someone help me understand?

    thanks

    0
  • P

    Your pfSense has a public WAN.
    I guess that the other router at LAN IP 192.168.1.254 also has some other public internet interface - i.e. it does not use your LAN and pfSense to transit traffic to the internet.
    If that is true, then when you do a normal port forward to a server behind that router, the incoming traffic reaches the destination, but the replies from the server go back out to the internet via the other path. pfSense does not see traffic flowing back, so the state is "unbalanced" and soon times out and thus the client out on the public internet stops working.

    When you NAT on the way out of pfSense onto LAN, t then looks to the internal subnets that the traffic came from pfSense LAN IP. That internal router can correctly deliver packets back to pfSense LAN IP, so traffic for the state goes happily through pfSense in both directions.

    but the internal routing between subnets is not working

    Exactly what is not working?
    Did it stop working when you added the NAT out of pfSense LAN?

    (others feel free to answer - I will be offline most of the next 24 hours)

    0
  • E

    Many thanks for your reply,

    Ok with the manual outbound nat enabled and the rule of SNAT I reach
    perfectly the server on port 81 from the outside

    However, though the subnet 192.168.2.x / 24 does not reach server 192.168.1.200 on port 80.
    Instead, if I enable automatic outbound nat perfectly reach the server 192.168.1.200 on port 80 but not the server 192.168.10.230 on port 81.

    I forget what?

    thanks again

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy