• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Mapping public IP to internal host IP for outbound traffic

NAT
3
4
388
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    fuckwit_mcbumcrumble
    last edited by Jan 2, 2024, 3:30 PM

    I have a /29 block of IPs and I'd like to map an IP to each device specifically for outbound traffic.
    I've seen a bunch of guides for dealing with traffic going inbound, but I haven't found anything that works for outbound traffic.

    My current setup is pfSense on IP *.35, and I'd like to use *.36, 37, and 38 for my 3 internal hosts.
    On a fresh config of pfSense how would I accomplish this?
    Previously in IPFire we made virtual IP addresses and mapped those to each host.

    S 1 Reply Last reply Jan 2, 2024, 5:07 PM Reply Quote 0
    • S
      SteveITS Galactic Empire @fuckwit_mcbumcrumble
      last edited by Jan 2, 2024, 5:07 PM

      @fuckwit_mcbumcrumble Outbound NAT:
      https://docs.netgate.com/pfsense/en/latest/nat/outbound.html
      You can change to Hybrid and add rules for your special devices.

      The IPs can be added as VIPs/IP Alias:
      https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      F 1 Reply Last reply Jan 2, 2024, 5:34 PM Reply Quote 0
      • F
        fuckwit_mcbumcrumble @SteveITS
        last edited by Jan 2, 2024, 5:34 PM

        @SteveITS
        Attached is my current config. As far as I can tell from those guides I have it set up correctly based on those docs.
        However as soon as I enable the outbound nat rule the device is not able to communicate outside of the network.
        Inside it works just fine, but as soon as it tries to leave the network all connectivity is lost.

        login-to-view
        login-to-view
        login-to-view

        V 1 Reply Last reply Jan 3, 2024, 9:15 PM Reply Quote 0
        • V
          viragomann @fuckwit_mcbumcrumble
          last edited by Jan 3, 2024, 9:15 PM

          @fuckwit_mcbumcrumble
          You need to add the public IPs to the WAN first. Firewall > Virtual IPs
          Use type "IP Alias", select WAN interface and state the desired IP with the correct /29 mask.

          Then in the outbound NAT rule at translation address you can select this IP from the drop-down. But it should also work with the alias you've already created.

          1 Reply Last reply Reply Quote 1
          3 out of 4
          • First post
            3/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.