Novice question about NAT and multiple LAN networks
-
Hi, I'm a networking novice, so apologies for naiive questions …
I am experimenting with my 1st pfSense box, I have it running well with 1 each WAN/LAN/WIFI interfaces plus a couple of VPN client interfaces.
The LAN and WIFI are set up with 2 separate local networks 192.168.55.1/24 and 192.168.66.1/24.
After a bit of fiddling with firewall rules I am comfortable that I can get the connectivity I want between the various networks.
To access internet via WAN I have cloned the Firewall -> NAT -> Outbound rules so that I have duplicate rules for the LAN and WIFI networks. So where I have a NAT rule for 192.168.55.0/24 I also have an equivalent for 192.168.66.0/24. This all works perfectly.
My questions is: could I replace each of these pairs of rules with a single rule for 192.168.0.0/16 ? I have tried it and it seems to work but I am nervous that there might be other implications that I am missing.
The reason for doing this is just "simplicity". I will eventually add several more networks, and I also have some additional gateways (VPN) defined, and this cludge would greatly reduce the number of rules I need to manage..
-
You can combine the NAT rules into the one without too much trouble, in my opinion. Your firewall rules would still have to be set individually on each of your LAN and WIFI networks.
-
Thanks. I am planning FW separate rules for each LAN/WIFI interface. It is only the NAT rules that I was thinking of consolidating.
-
Why does it matter for your nat rules? Why did you have to do anything on the nat rules? Once you create a new interface the nat rules the new source IPs of your other segment would of auto been added to the rules for wan interface.
I have multiple lan side nics with some being physical and other being vlans on the physical interfaces - as you see I have multiple 192.168.x segments - and they are all included in the nat rule to my wan interface