Netgate Discussion Forum

    NAT from LAN to OPT1, OPT2, OPT3, OPT4 - SG-4860

    • ramgaard

      Hi,

      I was wondering if it was possible to make a NAT setting, like my drawing attached.

      The hardware I will use is: SG-4860

      It has 6 ports, and I want to use them all.

      The LAN connection is a network where there will be a Server. (172.16.0.xxx / 255.255.248.0)

      The OPT1-4 will be a network for some equipment I want to access from the server. (All networks have 192.168.1.xxx / 255.255.255.0)

      The WAN connection will be the internet connection and I will forward port 80 to the server.

      So, if I want to access a device on the OPT1 network, I will put in 172.16.1.xxx on the server, OPT2 = 172.16.2.xxx, OPT3 = 172.16.3.xxx, OPT4 = 172.16.4.xxx.
      And from the inside of the OPT# network I will also need to be able to connect to the server on 172.16.1.xxx.

      Is this possible?

      Best Regards,
      Rasmus Ramgaard
      Network.png

      • doktornotor Banned

        @ramgaard:

        The OPT1-4 will be a network for some equipment I want to access from the server. (All networks have 192.168.1.xxx / 255.255.255.0)

        What??? You cannot have 4 interfaces on the same subnet. And there's no need to do anything at all wrt NAT to access things on LAN, except for setting up firewall rules to allow access on OPTx.

        • Guest

          OPT1 - 192.168.1.0/24
          OPT2 - 192.168.2.0/24
          OPT3 - 192.168.3.0/24
          OPT4 - 192.168.4.0/24

          If all OPT nets own a 192.168.1.0/24 network, how should the SG unit know to which OPT net
          it has to route the packets?

          The rest would be OK; otherwise, if there is NAT made between the networks, how should
          OPT1 - 4 then connect from the outside to the server?

          • jimp Rebel Alliance Developer Netgate

            The only way that sort of setup will work is if there is an additional firewall on each leg doing the extra NAT. As the others said, you can't have the same subnet on multiple interfaces in that way. Not only does it require NAT like you show, but that NAT has to be performed by something on the other end of the lines.

            If each of those additional sites had their own firewall and the "main" pfSense unit only saw your 172 subnets that would work fine, but something has to be in place to ensure that no one device sees the same subnet on multiple interfaces.

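The point made in the replies, as an added example (not code from any poster or from pfSense): a Python check with the standard `ipaddress` module that flags interfaces whose subnets overlap, plus the 1:1 address mapping a firewall on each leg would have to perform. The addressing comes from the thread; the function names and the device address 192.168.1.50 are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Addressing as posted in the thread (255.255.248.0 is a /21).
AS_POSTED = {
    "LAN": "172.16.0.0/21",
    "OPT1": "192.168.1.0/24",
    "OPT2": "192.168.1.0/24",
    "OPT3": "192.168.1.0/24",
    "OPT4": "192.168.1.0/24",
}
# Aliases proposed in the question: what the main firewall would see
# once a firewall on each leg performs the NAT.
PROPOSED_ALIASES = {f"OPT{n}": f"172.16.{n}.0/24" for n in range(1, 5)}


def find_overlaps(plan):
    """Return every pair of interfaces whose subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]


def main_firewall_view(lan_cidr, aliases):
    """Interface plan as seen by the main unit when each leg is NATed."""
    return {"LAN": lan_cidr, **aliases}


def translate(addr, inside_cidr, alias_cidr):
    """1:1 NAT mapping: keep the host part, swap the network part."""
    inside = ipaddress.ip_network(inside_cidr)
    alias = ipaddress.ip_network(alias_cidr)
    ip = ipaddress.ip_address(addr)
    if inside.prefixlen != alias.prefixlen:
        raise ValueError("1:1 NAT needs equally sized networks")
    if ip not in inside:
        raise ValueError(f"{ip} is not in {inside}")
    return str(alias.network_address + (int(ip) - int(inside.network_address)))


if __name__ == "__main__":
    print("as posted:", find_overlaps(AS_POSTED))
    view = main_firewall_view(AS_POSTED["LAN"], PROPOSED_ALIASES)
    print("with per-leg NAT:", find_overlaps(view))
    # 192.168.1.50 is a constructed device address on the OPT3 leg.
    print(translate("192.168.1.50", "192.168.1.0/24", PROPOSED_ALIASES["OPT3"]))
```

Run against the question's proposed 172.16.1-4.xxx aliases, the same check also flags each of them against the LAN, because 255.255.248.0 makes the LAN 172.16.0.0/21, which spans 172.16.0.0 to 172.16.7.255.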
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.