Netgate Discussion Forum

    How to NAT traffic into a LAN to the LAN interface IP?

      bigfish

      Hi,

      I have a WAN interface and two LAN interfaces (LAN and OPT1).  At present traffic from OPT1 goes out to the Internet (WAN) and is NAT'd using the automatic NAT rules.  I understand that these apply for traffic going from LAN type interfaces to WAN type interfaces, where WAN type interfaces are defined as those that have a gateway defined and LAN type interfaces as those that don't have a gateway defined.  This works and is as required for traffic from OPT1 to get to the internet.

      I also want traffic from the LAN interface that routes to the OPT1 interface to be NAT'd to the interface IP on OPT1.  Since this is a LAN type to LAN type the automatic NAT rules don't apply so I enabled Manual outbound NAT, and defined a rule on the OPT1 interface for traffic with a source on the LAN interface to any destination using the NAT address of the OPT1 address.  But this does not work: a packet capture shows an ICMP packet routed out the OPT1 interface from the LAN network without the source IP being changed.

      I wondered if I needed to define the NAT rule on the LAN interface (since the tab is called 'outbound' and the relevant traffic is 'inbound' on the OPT1 interface).  But whilst I can specify the source and destination I cannot select OPT1 interface (only LAN interface or a new range) as the NAT pool.

      I didn't have much luck with Googling similar situations, although I did note the recent thread by comeback1106 https://forum.pfsense.org/index.php?topic=86629.0 which asks something similar and implies this can be done.

      Regards
      Martin

        Derelict LAYER 8 Netgate

        Sounds like you've done everything right.  It works here.  (From the diagram in my sig) I set the attached manual outbound NAT rule and sshed from Host A1 to Host A2.  The source IP from Host A2's perspective is 192.168.1.1.

        ![Screen Shot 2015-01-13 at 1.47.56 AM.png](/public/imported_attachments/1/Screen Shot 2015-01-13 at 1.47.56 AM.png)
        ![Screen Shot 2015-01-13 at 1.50.52 AM.png](/public/imported_attachments/1/Screen Shot 2015-01-13 at 1.50.52 AM.png)

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          bigfish

          Thanks Derelict.

          I especially liked your lab set-up, inspired me to spin up some pfSense virtuals and do some testing myself.  I was able to get this working in this lab setup, but on the actual live router it still does not work.  I'm at a loss but I have found a workaround and can live without it so I'm going to have to draw the line under it and move on.

          I am certainly more educated now, for which I am grateful.

          Regards
          Martin

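The packet-capture check described in the first post can be scripted so the lab and the live router are compared the same way. This is an added example, not code from the thread or from pfSense: it assumes text output in `tcpdump -n` format captured on the OPT1 side, and the addresses (LAN 10.0.1.0/24, OPT1 interface 10.0.2.1, OPT1 host 10.0.2.20) and capture lines are constructed.

```python
import ipaddress
import re

# tcpdump -n line: "<time> IP <src> > <dst>: ..."; TCP/UDP addresses carry a ".port" suffix.
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

def check_capture(lines, lan_net, nat_ip):
    """Classify packets seen leaving the egress (OPT1) interface.

    Returns (translated, leaked): lines sourced from nat_ip, and lines that
    still carry a source inside lan_net, meaning the NAT rule did not match.
    Traffic originated by the firewall itself also counts as 'translated'.
    """
    lan = ipaddress.ip_network(lan_net)
    nat = ipaddress.ip_address(nat_ip)
    translated, leaked = [], []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 or anything else that is not an IPv4 line
        src = ipaddress.ip_address(m.group(1))
        if src == nat:
            translated.append(line)
        elif src in lan:
            leaked.append(line)
    return translated, leaked

def nat_applied(lines, lan_net, nat_ip):
    """True only if translated traffic was seen and no LAN source leaked."""
    translated, leaked = check_capture(lines, lan_net, nat_ip)
    return bool(translated) and not leaked

# Constructed sample: rule matching (source rewritten to the OPT1 address).
WORKING = [
    "01:50:01.000001 IP 10.0.2.1 > 10.0.2.20: ICMP echo request, id 4660, seq 1, length 64",
    "01:50:01.000420 IP 10.0.2.20 > 10.0.2.1: ICMP echo reply, id 4660, seq 1, length 64",
    "01:50:05.100000 IP 10.0.2.1.51544 > 10.0.2.20.22: Flags [S], seq 1, win 65535, length 0",
]
# Constructed sample: the symptom from the first post (LAN source unchanged).
BROKEN = [
    "01:47:10.000001 IP 10.0.1.50 > 10.0.2.20: ICMP echo request, id 4661, seq 1, length 64",
    "01:47:10.000390 IP 10.0.2.20 > 10.0.1.50: ICMP echo reply, id 4661, seq 1, length 64",
]

if __name__ == "__main__":
    for name, cap in (("working", WORKING), ("broken", BROKEN)):
        print(name, "NAT applied:", nat_applied(cap, "10.0.1.0/24", "10.0.2.1"))
```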
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.