Outbound NAT rules not working
-
I have got an IPv6 /48 and 1 x IPv4 from my ISP (KPN for the Dutchies),
and I have got an IPv4 /29 subnet (GRE tunnel) 185.0.0.0 (so 5 x IP Alias). My standard gateway is the one from my ISP. So when I check my IP I see the IPv4 from my ISP and my IPv6 (Track Interface + RA) address. So far so good.
But when I create an Outbound NAT rule (Hybrid), so from 172.16.20.250 to 185.0.0.0.3, it doesn't work (it is the highest rule). I am wondering if something is broken or misconfigured. Incoming, the 185 addresses work. It is only the Outbound that doesn't work anymore.
I was running 2.6 CE, now I am running 2.7.
-
@operations Does the traffic not go out, or it uses the wrong public IP?
A /29 should be 6 usable IPs unless one is used as a gateway? Are they routing the /29 to your single IP…? Aliases don’t have a gateway setting…
-
@steveits said in Outbound NAT rules not working:
@operations Does the traffic not go out, or it uses the wrong public IP?
A /29 should be 6 usable IPs unless one is used as a gateway? Are they routing the /29 to your single IP…? Aliases don’t have a gateway setting…
Traffic goes out, but wrong IP (ISP one).
Use one is used as a Gateway, so under Gateways I also see that one. IP alias: that is the way you set this up. GRE tunnel, and then you add the 5 addresses as an IP alias. When I change my default gateway from the ISP one to the one from the /29 (under Gateways) it does work. But the whole point of this has always been that servers go out via the /29 block and normal LAN traffic goes out via the ISP IP.
The weird thing is, this has worked for years.
This is in Dutch, but this is how you set this up:
https://www.kragt-ict.nl/2018/09/20/pfsense-en-extraip-com-configuratie/?amp=1
This is the dNAT and sNAT part:
https://www.kragt-ict.nl/2018/09/20/pfsense-en-extraip-com-dnat-snat/?amp=1
-
@operations huh, ok. Can you post your outbound NAT rule page?
-
@steveits said in Outbound NAT rules not working:
@operations huh, ok. Can you post your outbound NAT rule page?
I think 2 gateways is a problem in pfSense since 2.5.2 with regards to outbound NAT, not 100%.
-
@operations No one with an idea?