Author Topic: NAT Pfsense wan in other lan  (Read 1716 times)

Offline Jannus

NAT Pfsense wan in other lan
« on: September 14, 2011, 02:32:35 am »
Hi,

Just started with a pfSense 2.0 RC3 box at our company.

For a test lab we installed a pfSense box with LAN 172.18.x.x; the WAN side is in our corporate LAN 172.20.x.x (WAN IP 172.20.0.252).

Everything is working fine, except sometimes we see the source IP of a client from the 172.18.x.x network shown as source IP 172.20.0.252.

Is there an option to keep the original source IP addresses without turning off NAT on the pfSense box?

Thanks in advance.

Offline Jannus

Re: NAT Pfsense wan in other lan
« Reply #1 on: September 16, 2011, 09:27:59 am »
Any idea on this issue?

Offline dhatz

Re: NAT Pfsense wan in other lan
« Reply #2 on: September 16, 2011, 10:01:00 am »
If you don't want your pfSense to NAT the IPs behind its LAN interface, go to Firewall -> NAT -> Outbound and check Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) and remove the auto-generated rules.

Depending on your topology and requirements, you might also need to tinker with firewall rules (e.g. pfSense by default comes with a rule that blocks private RFC 1918 network IPs on its WAN) and static routes.

Offline Jannus

Re: NAT Pfsense wan in other lan
« Reply #3 on: September 20, 2011, 08:42:40 am »
Okay, I'll give it a try.

There is also an option "do not NAT" in the auto-created NAT rules.

What is this option used for?

Offline GruensFroeschli

Re: NAT Pfsense wan in other lan
« Reply #4 on: September 20, 2011, 09:11:08 am »
Rules are processed from top to bottom.

Example:
If you want to NAT your network out, but want to exclude a single IP:
1. rule, noNAT -> single IP
2. rule, NAT -> your network

The single IP would not be NATed, but the rest of the network would.
We do what we must, because we can.
(Except when you PM me to help you directly - DON'T: keep your issues in the forum)
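
A small model of the top-down rule evaluation described in the reply above, added here as an illustration; it is not pfSense code and not part of the original posts. The /16 mask and the excluded host 172.18.0.50 are assumed values; the WAN IP is the one given in the first post.

```python
import ipaddress

# Constructed values: the thread gives only 172.18.x.x and the WAN IP
# 172.20.0.252; the /16 mask and the host 172.18.0.50 are assumptions.
WAN_IP = ipaddress.ip_address("172.20.0.252")
LAB_NET = ipaddress.ip_network("172.18.0.0/16")
EXCLUDED_HOST = ipaddress.ip_network("172.18.0.50/32")

# Each rule is (action, source network); "nonat" models the "do not NAT" option.
RULES = [
    ("nonat", EXCLUDED_HOST),  # rule 1: noNAT -> single IP
    ("nat", LAB_NET),          # rule 2: NAT -> your network
]


def source_seen_on_wan(src, rules):
    """Return the source address the corporate LAN sees for a packet from src.

    Rules are evaluated top to bottom and the first match decides.
    A packet that matches no rule leaves untranslated.
    """
    addr = ipaddress.ip_address(src)
    for action, network in rules:
        if addr in network:
            return WAN_IP if action == "nat" else addr
    return addr


def needs_return_route(src, rules):
    """True when the original lab address is visible upstream, so hosts on the
    corporate LAN need a route back to the lab network via the pfSense WAN IP."""
    return source_seen_on_wan(src, rules) in LAB_NET


if __name__ == "__main__":
    for host in ("172.18.0.50", "172.18.0.51"):
        for label, rules in (("as posted", RULES), ("reversed", RULES[::-1])):
            print(f"{host} [{label}]: seen as {source_seen_on_wan(host, rules)}, "
                  f"return route needed: {needs_return_route(host, rules)}")
```

With the two rules reversed, the network-wide NAT rule matches first and the excluded host is translated as well, which is why the noNAT rule has to sit above it.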

Offline iflyforfun

Re: NAT Pfsense wan in other lan
« Reply #5 on: October 05, 2011, 12:04:22 am »
Hi Jannus,

I think I'm having the same problem as you.  See -> http://forum.pfsense.org/index.php/topic,41743.0.html

Did you ever get this issue resolved?  If so, what worked for you?

Thanks!
Kevin