Problem trying to disable NAT



  • Hi everyone,

    My current topology is as follows:

    LAN---pfSense---ADSL modem/router---Internet

    LAN subnet: 10.0.0.0/16
    LAN interface IP on pfSense: 10.0.0.3
    WAN interface IP on pfSense: 10.1.0.1 (gateway=10.1.0.2)
    LAN interface IP of ADSL modem/router: 10.1.0.2
    WAN interface IP of ADSL modem/router: obtained via DHCP from ISP

    I do not want to use NAT on the pfSense box because the ADSL modem/router is already doing NAT.

    I did the following after searching the forum:

    From menu, Firewall -> NAT, then on the Outbound tab, I checked "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and then clicked on "Save". Then, I deleted the autocreated rule in the mapping table below:
    WAN    10.0.0.0/16  *  *  *  *  *  NO Auto created rule for LAN

    Then I clicked on "Apply changes".

    I also unchecked the "Block private networks" option in the WAN interface configuration.

    The problem is I can not access the Internet after doing all that.
    I CAN ping the WAN interface (IP 10.1.0.1) of the pfSense box, but NOT the LAN interface (IP: 10.1.0.2) of the ADSL modem/router from a PC (with gateway 10.0.0.3) in the LAN.
    From the pfSense box, I am able to ping it.

    What am I missing here?

    Thanks for any help.



  • I don't really understand why you want to go that way…..

    my choices would be

    1. bridge modem/router. If you can't do that then disable DHCP and DMZ an IP to the pfSense so it can do the DHCP/natting.

    2. Setting up pfsense as transparent firewall



  • I am willing to give a try to your suggestions, but first, can you please tell me why I can't ping the LAN interface of the ADSL modem/router and am unable to access the Internet?

    I did not really grasp your first choice. Do you mean to configure pfSense as a bridge by bridging the LAN and WAN interfaces?

    Now, regarding your second choice, does captive portal and passive mode FTP work with a transparent firewall?
    Are there any other features that do NOT work with pfSense as a transparent firewall?

    PS: Is it possible to get rid of the ADSL modem/router and connect the ADSL line directly to pfSense?

    Thanks for your reply



  • By the way, the ADSL modem/router in my topology (see first post) is actually ONE device.
    The version of pfSense I'm using is 1.2-RELEASE built on Sun Feb 24 17:04:58 EST 2008.



  • If you have a PPPoE connection you might be able to bridge your modem/router.

    By the way, the ADSL modem/router in my topology (see first post) is actually ONE device.

    Same here (WAG200). I've disabled DHCP and added an IP in DMZ, which is the one I connect pfSense with.



  • Yes, that is another option, but do you have any idea why choosing Advanced Outbound NAT is not working?
    Do I need to restart the pfSense box?

    The ADSL modem/router actually uses PPPoA, not PPPoE.



  • Did you add a static route on the ADSL-Modem pointing to 10.1.0.1 for the 10.0.0.0/16 subnet?

    Because if you don't add a static route your modem has no clue that this subnet even exists and thus will always send the data to its default gateway. --> To your ISP which will just drop these packets.
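
The return-path problem described in the reply above, modeled as an added example that is not part of the original thread: a longest-prefix-match lookup on the modem's routing table, with and without NAT on pfSense and with and without the suggested static route. The /24 mask on the pfSense-modem link, the interface names and the sample PC address 10.0.0.50 are assumptions.

```python
import ipaddress

PFSENSE_WAN = "10.1.0.1"   # from the thread
LAN_PC = "10.0.0.50"       # constructed sample host in 10.0.0.0/16

def route(cidr, iface, gateway=None):
    return (ipaddress.ip_network(cidr), iface, gateway)

# Modem/router table before the fix. The /24 mask and interface names are assumptions.
MODEM_ROUTES = [
    route("10.1.0.0/24", "lan"),        # directly connected link to pfSense
    route("0.0.0.0/0", "wan", "isp"),   # default route to the ISP
]
# The static route suggested in the thread.
STATIC_ROUTE = route("10.0.0.0/16", "lan", PFSENSE_WAN)

def lookup(routes, dst):
    """Longest-prefix match; returns (interface, gateway)."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]

def source_seen_by_modem(client_ip, pfsense_nat):
    """With outbound NAT, pfSense rewrites the source to its WAN address."""
    return PFSENSE_WAN if pfsense_nat else client_ip

def reply_reaches_client(routes, client_ip, pfsense_nat):
    """True if the modem sends its reply back toward pfSense, not to the ISP."""
    iface, _ = lookup(routes, source_seen_by_modem(client_ip, pfsense_nat))
    return iface == "lan"

if __name__ == "__main__":
    fixed = MODEM_ROUTES + [STATIC_ROUTE]
    for label, table, nat in [
        ("NAT on pfSense, no static route", MODEM_ROUTES, True),
        ("no NAT, no static route", MODEM_ROUTES, False),
        ("no NAT, static route added", fixed, False),
    ]:
        ok = reply_reaches_client(table, LAN_PC, nat)
        print(f"{label}: reply {'returns via pfSense' if ok else 'goes to ISP'}")
```

A ping from pfSense itself is sourced from 10.1.0.1, which the modem reaches over its connected link, which is why that test succeeds while the LAN PC's does not.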

