Netgate Discussion Forum

Problem trying to disable NAT

  • N
    netsysadmin
    last edited by May 4, 2008, 8:01 AM May 4, 2008, 7:55 AM

    Hi everyone,

    My current topology is as follows:

    LAN---pfSense---ADSL modem/router---Internet

    LAN subnet: 10.0.0.0/16
    LAN interface IP on pfSense: 10.0.0.3
    WAN interface IP on pfSense: 10.1.0.1 (gateway=10.1.0.2)
    LAN interface IP of ADSL modem/router: 10.1.0.2
    WAN interface IP of ADSL modem/router: obtained via DHCP from ISP

    I do not want to use NAT on the pfSense box because the ADSL modem/router is already doing NAT.

    I did the following after searching the forum:

    From menu, Firewall -> NAT, then on the Outbound tab, I checked "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and then clicked on "Save". Then, I deleted the autocreated rule in the mapping table below:
    WAN    10.0.0.0/16  *  *  *  *  *  NO Auto created rule for LAN

    Then I clicked on "Apply changes".

    I also unchecked the "Block private networks" option in the WAN interface configuration.

    The problem is I cannot access the Internet after doing all that.
    I CAN ping the WAN interface (IP 10.1.0.1) of the pfSense box, but NOT the LAN interface (IP: 10.1.0.2) of the ADSL modem/router from a PC (with gateway 10.0.0.3) in the LAN.
    From the pfSense box, I am able to ping it.

    What am I missing here?

    Thanks for any help.

    • P
      Perry
      last edited by May 4, 2008, 8:25 AM

      I don't really understand why you want to go that way...

      My choices would be:

      1. Bridge the modem/router. If you can't do that, then disable DHCP and DMZ an IP to the pfSense so it can do the DHCP/NATting.

      2. Set up pfSense as a transparent firewall.

      /Perry
      doc.pfsense.org

      • N
        netsysadmin
        last edited by May 4, 2008, 9:48 AM

        I am willing to give a try to your suggestions, but first, can you please tell me why I can't ping the LAN interface of the ADSL modem/router and am unable to access the Internet?

        I did not really grasp your first choice. Do you mean to configure pfSense as a bridge by bridging the LAN and WAN interfaces?

        Now, regarding your second choice, do captive portal and passive mode FTP work with a transparent firewall?
        Are there any other features that do NOT work with pfSense as a transparent firewall?

        PS: Is it possible to get rid of the ADSL modem/router and connect the ADSL line directly to pfSense?

        Thanks for your reply

        • N
          netsysadmin
          last edited by May 5, 2008, 6:03 AM May 5, 2008, 5:42 AM

          By the way, the ADSL modem/router in my topology (see first post) is actually ONE device.
          The version of pfSense I'm using is 1.2-RELEASE built on Sun Feb 24 17:04:58 EST 2008.

          • P
            Perry
            last edited by May 5, 2008, 8:03 AM

            If you have a PPPoE connection you might be able to bridge your modem/router.

            > By the way, the ADSL modem/router in my topology (see first post) is actually ONE device.

            Same here (WAG200). I've disabled DHCP and added an IP in DMZ, which is the one I connect pfSense with.

            /Perry
            doc.pfsense.org

            • N
              netsysadmin
              last edited by May 5, 2008, 12:46 PM

              Yes, that is another option, but do you have any idea why choosing Advanced Outbound NAT is not working?
              Do I need to restart the pfSense box?

              The ADSL modem/router actually uses PPPoA, not PPPoE.

              • G
                GruensFroeschli
                last edited by May 5, 2008, 12:50 PM

                Did you add a static route on the ADSL-Modem pointing to 10.1.0.1 for the 10.0.0.0/16 subnet?

                Because if you don't add a static route, your modem has no clue that this subnet even exists and thus will always send the data to its default gateway -> to your ISP, which will just drop these packets.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
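
The return-path problem described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the modem's routing table, using the addresses from the first post. The /24 mask on the modem's LAN side, the client address 10.0.0.50 and the "ISP" next-hop label are assumptions, since the thread does not give them.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return (next_hop, interface) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]

# Modem/router routing table as implied by the first post (constructed).
MODEM_ROUTES = [
    ("10.1.0.0/24", "direct", "lan"),  # assumption: /24 mask, not stated in the thread
    ("0.0.0.0/0", "ISP", "wan"),       # "ISP" = provider gateway, placeholder label
]

# The static route suggested in the last reply.
STATIC_ROUTE = ("10.0.0.0/16", "10.1.0.1", "lan")

def reply_paths(client="10.0.0.50"):
    """Where the modem sends a reply in each of the three cases in the thread."""
    return {
        # pfSense pings from its WAN address: on-link for the modem, so it works.
        "to_pfsense_wan": next_hop(MODEM_ROUTES, "10.1.0.1"),
        # LAN client, NAT disabled, no static route: reply leaves via the default route.
        "to_lan_client_without_route": next_hop(MODEM_ROUTES, client),
        # Same client once the static route exists: reply goes back via pfSense.
        "to_lan_client_with_route": next_hop(MODEM_ROUTES + [STATIC_ROUTE], client),
    }

if __name__ == "__main__":
    for case, hop in reply_paths().items():
        print(f"{case:30} -> next hop {hop[0]} on {hop[1]}")
```

With NAT disabled on pfSense, the echo request reaches the modem with its original 10.0.0.x source address, so the reply is routed by the table above rather than back to 10.1.0.1.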
