Configuring a network-to-network NAT in pfSense

In this case, I’m NATing 10.8.0.0/16 (interface name = vlan8) to 10.120.0.0/16 (interface name = int8), so a packet to 10.8.150.3 will be NATed to 10.120.150.3.

Go to Firewall -> NAT
Create a new 1:1 mapping, and put the settings as follows:
Interface: vlan8
External subnet IP: 10.8.0.0
Internal IP: int8 subnet
Destination: any (you might be able to use int8 subnet here, but it wouldn’t work with my VPN configuration as VPN IPs are on a separate subnet)
NAT reflection: use system default

Save, then go to Firewall -> Virtual IPs
Create a new virtual IP
I’ve used CARP, but when I get the chance I’ll try Proxy ARP, which would be better for those who have an entire subnet behind the pfSense (I don’t, so I need to put in each address to NAT individually)

And then the settings on your host behind the pfSense:
IP: 10.120.150.3/16 (whatever IP you want)
gw: 10.120.x.x (IP of pfSense’s int8 interface)
(to set the gateway in Ubuntu, using /etc/network/interfaces didn’t seem to want to work for me, so I used “route add default gw 10.120.x.x” instead)
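
The address mapping that the 1:1 rule above performs, and the list of vlan8-side addresses that each need their own virtual IP, can be worked out ahead of time. This is an added example, not part of the original post or of pfSense; the function names and the second host address are assumptions made for illustration.

```python
import ipaddress

# Subnets from the post: vlan8 side (external) and int8 side (internal).
EXTERNAL_NET = ipaddress.ip_network("10.8.0.0/16")
INTERNAL_NET = ipaddress.ip_network("10.120.0.0/16")


def translate(addr, src_net, dst_net):
    """Map addr from src_net into dst_net, keeping the host bits unchanged."""
    if src_net.version != dst_net.version or src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 subnet NAT needs two subnets of the same size")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{ip} is outside {src_net}; the rule will not match it")
    host_bits = int(ip) & int(src_net.hostmask)
    return type(ip)(int(dst_net.network_address) | host_bits)


def to_internal(external_addr):
    """Where a packet sent to an external (vlan8) address ends up."""
    return translate(external_addr, EXTERNAL_NET, INTERNAL_NET)


def virtual_ips_for(internal_hosts):
    """External addresses that need a virtual IP on vlan8, one per NATed host."""
    plan = {}
    for host in internal_hosts:
        ip = ipaddress.ip_interface(host).ip  # accepts "10.120.150.3/16" as well
        plan[str(ip)] = str(translate(ip, INTERNAL_NET, EXTERNAL_NET))
    return plan


if __name__ == "__main__":
    # Constructed host list: the first address is the one used in the post,
    # the second is made up for the example.
    hosts = ["10.120.150.3/16", "10.120.0.10"]
    for internal, external in virtual_ips_for(hosts).items():
        print(f"virtual IP on vlan8: {external}  ->  host on int8: {internal}")
```

Addresses outside either /16 raise an error instead of being mapped, which catches typos before they become virtual IPs that the NAT rule never matches.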
