Netgate Discussion Forum

    Problem trying to disable NAT

    • netsysadmin

      Hi everyone,

      My current topology is as follows:

      LAN---pfSense---ADSL modem/router---Internet

      LAN subnet: 10.0.0.0/16
      LAN interface IP on pfSense: 10.0.0.3
      WAN interface IP on pfSense: 10.1.0.1 (gateway=10.1.0.2)
      LAN interface IP of ADSL modem/router: 10.1.0.2
      WAN interface IP of ADSL modem/router: obtained via DHCP from ISP

      I do not want to use NAT on the pfSense box because the ADSL modem/router is already doing NAT.

      I did the following after searching the forum:

      From menu, Firewall -> NAT, then on the Outbound tab, I checked "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and then clicked on "Save". Then, I deleted the autocreated rule in the mapping table below:
      WAN    10.0.0.0/16  *  *  *  *  *  NO Auto created rule for LAN

      Then I clicked on "Apply changes".

      I also unchecked the "Block private networks" option in the WAN interface configuration.

      The problem is I cannot access the Internet after doing all that.
      I CAN ping the WAN interface (IP 10.1.0.1) of the pfSense box, but NOT the LAN interface (IP: 10.1.0.2) of the ADSL modem/router from a PC (with gateway 10.0.0.3) in the LAN.
      From the pfSense box, I am able to ping it.

      What am I missing here?

      Thanks for any help.

      • Perry

        I don't really understand why you want to go that way...

        My choices would be:

        1. Bridge modem/router. If you can't do that then disable DHCP and DMZ an IP to the pfSense so it can do the DHCP/NATting.

        2. Setting up pfSense as transparent firewall

        /Perry
        doc.pfsense.org

        • netsysadmin

          I am willing to give a try to your suggestions, but first, can you please tell me why I can't ping the LAN interface of the ADSL modem/router and am unable to access the Internet?

          I did not really grasp your first choice. Do you mean to configure pfSense as a bridge by bridging the LAN and WAN interfaces?

          Now, regarding your second choice, does captive portal and passive mode FTP work with a transparent firewall?
          Are there any other features that do NOT work with pfSense as a transparent firewall?

          PS: Is it possible to get rid of the ADSL modem/router and connect the ADSL line directly to pfSense?

          Thanks for your reply

          • netsysadmin

            By the way, the ADSL modem/router in my topology (see first post) is actually ONE device.
            The version of pfSense I'm using is 1.2-RELEASE built on Sun Feb 24 17:04:58 EST 2008.

            • Perry

              If you have a PPPoE connection you might be able to bridge your modem/router.

              > By the way, the ADSL modem/router in my topology (see first post) is actually ONE device.

              Same here (WAG200). I've disabled DHCP and added an IP in DMZ, which is the one I connect pfSense with.

              /Perry
              doc.pfsense.org

              • netsysadmin

                Yes, that is another option, but do you have any idea why choosing Advanced Outbound NAT is not working?
                Do I need to restart the pfSense box?

                The ADSL modem/router actually uses PPPoA, not PPPoE.

                • GruensFroeschli

                  Did you add a static route on the ADSL-Modem pointing to 10.1.0.1 for the 10.0.0.0/16 subnet?

                  Because if you don't add a static route your modem has no clue that this subnet even exists and thus will always send the data to its default gateway -> to your ISP, which will just drop these packets.

                  We do what we must, because we can.

                  Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
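
The return-path problem described in the last reply, as an added example that is not part of the original thread: a longest-prefix-match lookup over the modem's routing table shows where the echo reply goes for a ping from pfSense itself and for a ping from an un-NATed LAN host, with and without the static route. The modem LAN prefix length (/24), the ISP next hop 203.0.113.1 and the LAN PC address 10.0.0.50 are constructed assumptions; the thread does not give them.

```python
import ipaddress

# Constructed routing table for the ADSL modem/router in the thread's topology.
# Assumptions (not stated in the thread): the modem's LAN is 10.1.0.0/24 and
# its ISP next hop is 203.0.113.1 (a documentation address).
MODEM_ROUTES = [
    ("10.1.0.0/24", None, "lan"),         # directly connected network
    ("0.0.0.0/0", "203.0.113.1", "wan"),  # default route towards the ISP
]
# The route suggested in the thread: reach the pfSense LAN via pfSense's WAN IP.
STATIC_ROUTE = ("10.0.0.0/16", "10.1.0.1", "lan")


def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop, interface)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    _, next_hop, iface = best
    # A connected route has no next hop: the packet is delivered directly.
    return (next_hop or str(dst), iface)


def reply_path(routes, source):
    """Where the modem sends the echo reply for a ping that came from `source`."""
    next_hop, iface = lookup(routes, source)
    return f"{iface} via {next_hop}"


if __name__ == "__main__":
    cases = [("pfSense WAN", "10.1.0.1"), ("LAN PC, NAT disabled", "10.0.0.50")]
    tables = [("without static route", MODEM_ROUTES),
              ("with static route", MODEM_ROUTES + [STATIC_ROUTE])]
    for label, table in tables:
        print(label)
        for name, src in cases:
            print(f"  reply to {name} ({src}): {reply_path(table, src)}")
```

Without the static route the reply to 10.0.0.50 leaves on the WAN side, which matches the symptom in the first post: pfSense can ping the modem, the LAN PC cannot.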
