@johnpoz Thanks again for the post. I upgraded to devel 2.6 and tried it. Traffic on the FW is passing with green check marks, it doesn't seem to be working. In fact, my hybrid NAT with the rule I have in place doesn't work either as in the previous version AND on top of that, I re-enabled the LAN rule I had where it would make that host's IP use the secondary gateway that was working...and it is now NOT working. ** Edit: The LAN rule must have taken a minute, it is working now BUT still same problem. It no worky with secondary WAN like it says in the redmine post Truly and enterprise product. SMH The folks on the redmine post that think it is working in 2.6 devel aren't correct because it's clearly not working.

Great, thanks :)

@kom I added it and there was no change So I deleted it At the moment it works does not bother me to wait another 30 seconds for it to appear that it is "connected" Thanks

@coldfire7 I am sure about it, because I had to create a vpn killswitch for that, so...

@dzinks You'd need two pfSense routers connected via their WAN interface. 192.168.1.0/24 can't exist on the same router with different interfaces. You'd need to do a 1:1 NAT on both routers with different addresses poining to 192.168.1.0 for Production and Sandpit. https://docs.netgate.com/pfsense/en/latest/nat/1-1.html https://www.netgate.com/resources/videos/nat-on-pfsense-23.html

@jms123 said in 1 : 1 NAT and outbound NAT: 1:1 NAT overrides any outbound NAT All traffic originating from that private IPv4 address going to the Internet will be mapped by 1:1 NAT to the public IPv4 address defined in the entry, overriding the Outbound NAT configuration

@skilledinept said in Disguising a device behind 1:1 NAT: I'd like to disguise HOST's real IP address from the rest of the network downstream For what purpose? Just at a loss to why anyone would want to do this?

I just looked in the games forum seems this is raised alot. Might read through the threads in there as seems some have it working on the Xbox thread so may work with mine. The game is modern warfare and the game I play is cold war but all the ports are the same so should be the same outcome. Now to find time and dust off my router lol

@jfre9193 I believe that is related to this: https://redmine.pfsense.org/issues/11805

@KOM No, the default rule should be fine.

@averagecdn I don't think you can do it like that in an asymmetric routing situation. You forward from the device that controls the server's traffic.

@acnic The failure of that bug is that pfSense is sending reply packets ever to the default gateway. So if you're on CE 2.5.1 and the DSL modem is not the default gateway, you will be affected. but if i connect to the LAN of the DSL modem and try i.e 192.168.2.2:80 it works as it should When you're in the DSL modems LAN and access pfSense, replies have not to be directed to a gateway. This also means, that you can do a workaround by masquerading incoming packets on the DLS router if it is capable of this function.

Nobody has any suggestion?

@testcb00 said in Two public IP (A/B), one DHCP, how to make specific internal IP use IP B?: Will it brake the network? or it is normal to make outbound like this, and make new outbound to overwrite for specific Hosts? No it shouldn't. Your new rules only apply to that one client. Everything else goes out the default WAN as per usual. Test it and see if there are problems.

simple solution would to just be a source nat. Outbound nat on your iot interface that nats traffic to your pfsense iot interface IP. Now this devices thinks any traffic be it coming from an openvpn connection, or even your lan thinks its coming from pfsense iot IP which is in your iot network.