Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Outbound NAT rules not working

    Routing and Multi WAN
    2
    6
    959
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      Operations
      last edited by

      I have got an IPv6 /48 and 1 x IPv4 from ISP. (KPN for the dutchies)
      and i have got an IPv4 /29 subnet (GRE Tunnel) 185.0.0.0 (so 5 x IP Alias)

      My standard gateway is the one from my ISP. So when i check my IP i see the IPv4 from my ISP and my IPv6 (Track Interface + RA) address. so far so good.

      But when i create an Outbound NAT rule (Hybrid) so from 172.16.20.250 to 185.0.0.0.3 it doesnt work (it is the highest rule). i am wondering if something is broken of misconfigured. Incoming the 185 addresses work. It is only the Outbound that doesn;t work anymore.

      I was running 2.6CE now i am running 2.7.

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @Operations
        last edited by

        @operations Does the traffic not go out, or it uses the wrong public IP?

        A /29 should be 6 usable IPs unless one is used as a gateway? Are they routing the /29 to your single IP…? Aliases don’t have a gateway setting…

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        O 1 Reply Last reply Reply Quote 0
        • O
          Operations @SteveITS
          last edited by

          @steveits said in Outbound NAT rules not working:

          @operations Does the traffic not go out, or it uses the wrong public IP?

          A /29 should be 6 usable IPs unless one is used as a gateway? Are they routing the /29 to your single IP…? Aliases don’t have a gateway setting…

          Traffic goes out, but wrong IP (ISP one).
          Use one is used as a Gateway so under gateways i also see that one.

          IP alias that is the way you set this up. GRE tunnel and them you add the 5 addresses as an IP alias. When i change my default gateway from the ISP on to the one from the /29 (Under Gateways) it does work. But the whole point of this has always been servers go out via the /29 block and normal LAN traffic goes out via the ISP ip.

          The weird thing is, this has worked for years.

          This is in dutch but this is how you set this up:

          https://www.kragt-ict.nl/2018/09/20/pfsense-en-extraip-com-configuratie/?amp=1

          This is the dNAT and sNAT part:

          https://www.kragt-ict.nl/2018/09/20/pfsense-en-extraip-com-dnat-snat/?amp=1

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @Operations
            last edited by

            @operations huh, ok. Can you post your outbound NAT rule page?

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            O 1 Reply Last reply Reply Quote 0
            • O
              Operations @SteveITS
              last edited by

              @steveits said in Outbound NAT rules not working:

              @operations huh, ok. Can you post your outbound NAT rule page?

              I think 2 gateways is a problem in pfsense since 2.5.2 with regards to outbound nat, not 100%.

              Screenshot_20230506_160815_Chrome.png

              O 1 Reply Last reply Reply Quote 0
              • O
                Operations @Operations
                last edited by

                @operations no one with an idea?

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.