I have a pfSense box I want to do fairly simple (I believe) outbound NAT, akin to a home router. It seems I'm mostly there but not quite.
- There exists an upstream-accessible IP address (let's use 8.8.8.8 for this example)
- The pfSense box gets assigned an IP address via DHCP on the WAN interface
- The pfSense box can ping 8.8.8.8
- A laptop connected to the LAN interface on the pfSense box gets correctly assigned an IP address by DHCP
- Said laptop can ping the pfSense box
- Said laptop gets a default route pointing to the pfSense box
- Said laptop, when `traceroute`ing to 8.8.8.8, only gets as far as the pfSense box
I believe this to be a problem with the NAT configuration given the above behaviour. As far as I can tell it should Just Work for outbound NAT with relatively little configuration.
Interfaces > WAN: The WAN interface is enabled, configured with DHCP, has the "block private networks" and "block bogon networks" options unchecked, and otherwise has nothing else set
System > Routing > Gateways: There are 3 gateways, WAN, WAN_DHCP6, WAN_DHCP; the last of which has the IP address of the upstream gateway assigned, the last two of which are marked as default. The "WAN" gateway has an interface of "LAN" and a gateway of "dynamic" (I suspect this may be incorrect?)
Interfaces > LAN: The LAN interface is enabled, has IPv4 configuration of "static IPv4" (IPv6 set to None), and upstream gateway set to "None" (I suspect this may be incorrect?)
Firewall > NAT > Outbound: Set to "Automatic outbound NAT rule generation"
Firewall > Rules > WAN: "No rules are currently defined for this interface" (do I need the equivalent of `iptables --protocol tcp --match state --state RELATED,ESTABLISHED --jump ALLOW`?)
Firewall > Rules > LAN: "Default allow LAN to any rule" etc.
Any advice welcomed please!
http://www.gliffy.com/go/publish/image/5895525/L.png is a rough sketch