Netgate Discussion Forum

Outbound NAT rules not working

Routing and Multi WAN
    Operations
    last edited by May 5, 2023, 7:05 PM

    I have got an IPv6 /48 and 1 x IPv4 from ISP. (KPN for the Dutchies)
    and I have got an IPv4 /29 subnet (GRE Tunnel) 185.0.0.0 (so 5 x IP Alias)

    My standard gateway is the one from my ISP. So when I check my IP I see the IPv4 from my ISP and my IPv6 (Track Interface + RA) address. So far so good.

    But when I create an Outbound NAT rule (Hybrid) so from 172.16.20.250 to 185.0.0.0.3 it doesn't work (it is the highest rule). I am wondering if something is broken or misconfigured. Incoming, the 185 addresses work. It is only the Outbound that doesn't work anymore.

    I was running 2.6CE, now I am running 2.7.

      SteveITS Galactic Empire @Operations
      last edited by May 6, 2023, 3:44 AM

      @operations Does the traffic not go out, or it uses the wrong public IP?

      A /29 should be 6 usable IPs unless one is used as a gateway? Are they routing the /29 to your single IP…? Aliases don’t have a gateway setting…

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

        Operations @SteveITS
        last edited by May 6, 2023, 7:34 AM

        @steveits said in Outbound NAT rules not working:

        @operations Does the traffic not go out, or it uses the wrong public IP?

        A /29 should be 6 usable IPs unless one is used as a gateway? Are they routing the /29 to your single IP…? Aliases don’t have a gateway setting…

        Traffic goes out, but wrong IP (ISP one).
        One is used as a gateway, so under Gateways I also see that one.

        IP alias, that is the way you set this up. GRE tunnel and then you add the 5 addresses as an IP alias. When I change my default gateway from the ISP one to the one from the /29 (under Gateways) it does work. But the whole point of this has always been servers go out via the /29 block and normal LAN traffic goes out via the ISP IP.

        The weird thing is, this has worked for years.

        This is in Dutch but this is how you set this up:

        https://www.kragt-ict.nl/2018/09/20/pfsense-en-extraip-com-configuratie/?amp=1

        This is the dNAT and sNAT part:

        https://www.kragt-ict.nl/2018/09/20/pfsense-en-extraip-com-dnat-snat/?amp=1

          SteveITS Galactic Empire @Operations
          last edited by May 6, 2023, 1:26 PM

          @operations huh, ok. Can you post your outbound NAT rule page?

            Operations @SteveITS
            last edited by May 6, 2023, 2:11 PM

            @steveits said in Outbound NAT rules not working:

            @operations huh, ok. Can you post your outbound NAT rule page?

            I think 2 gateways is a problem in pfSense since 2.5.2 with regards to outbound NAT, not 100%.

              Operations @Operations
              last edited by May 9, 2023, 10:18 PM

              @operations no one with an idea?

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.