Problem trying to disable NAT

netsysadmin · May 4, 2008, 8:01 AM

Hi everyone,

My current topology is as follows:

LAN–-pfSense---ADSL modem/router---Internet

LAN subnet: 10.0.0.0/16
LAN interface IP on pfSense: 10.0.0.3
WAN interface IP on pfSense: 10.1.0.1 (gateway=10.1.0.2)
LAN interface IP of ADSL modem/router: 10.1.0.2
WAN interface IP of ADSL modem/router: obtained via DHCP from ISP

I do not want to use NAT on the pfSense box because the ADSL modem/router is already doing NAT.

I did the following after searching the forum:

From menu, Firewall -> NAT, then on the Outbound tab, I checked "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and then clicked on "Save". Then, I deleted the autocreated rule in the mapping table below:
WAN 10.0.0.0/16 * * * * * NO Auto created rule for LAN

Then I clicked on "Apply changes".

I also unchecked the "Block private networks" option in the WAN interface configuration.

The problem is I can not access the Internet after doing all that.
I CAN ping the WAN interface (IP 10.1.0.1) of the pfSense box, but NOT the LAN interface (IP: 10.1.0.2) of the ADSL modem/router from a PC (with gateway 10.0.0.3) in the LAN.
From the pfSense box, I am able to ping it.

What am I missing here?

Thanks for any help.

Perry · May 4, 2008, 8:25 AM

I don't really understand why you want to go that way…..

my choices would be

1. bridge modem/router. If you can't do that then disable DHCP and DMZ a IP to the pfSense so it can do the DHCP/natting.

2. Setting up pfsense as transparent firewall

netsysadmin · May 4, 2008, 9:48 AM

I am willing to give a try to your suggestions, but first, can you please tell me why I can't ping the LAN interface of the ADSL modem/router and am unable to access the Internet?

I did not really grasp your first choice. Do you mean to configure pfSense as a bridge by bridging the LAN and WAN interfaces?

Now, regarding your second choice, does captive portal and passive mode FTP work with a transparent firewall?
Are there any other features that do NOT work with pfSense as a transparent firewall?

PS: Is it possible to get rid of the ADSL modem/router and connect the ADSL line directly to pfSense?

Thanks for your reply

netsysadmin · May 5, 2008, 6:03 AM

By the way, the ADSL modem/router in my topology (see first post) is actually ONE device.
The version of pfSense I'm using is 1.2-RELEASE built on Sun Feb 24 17:04:58 EST 2008.

Perry · May 5, 2008, 8:03 AM

If you have a PPPoE connection you might be able to bridge your modem/router.

By the way, the ADSL modem/router in my topology (see first post) is actually ONE device.

Same here (WAG200). I've disabled dhcp and added an ip in DMZ witch is the one i connect pfSense with.

netsysadmin · May 5, 2008, 12:46 PM

Yes, that is another option, but do you have any idea why choosing Advanced Outbound NAT is not working?
Do I need to restart the pfSense box?

The ADSL modem/router actually uses PPPoA, not PPPoE.

GruensFroeschli · May 5, 2008, 12:50 PM

Did you add a static route on the ADSL-Modem pointing to 10.1.0.1 for the 10.0.0.0/16 subnet?

Because if you dont add a static route your modem has no clue that this subnet even exists and thus will always send the data to it's default gateway. –> To your ISP which will just drop these packets.