Netgate Discussion Forum

    Nat address pool

    • lincf

      How can I do the NAT pool on pfSense?
      If I have [ 192.168.0.1 192.168.0.3 192.168.0.5 ],
      how can I add multiple IPs on WAN to do load balancing on NAT?

      • hoba

        Search the forum, there is info on that already around.

        • lincf

          @hoba:

          Search the forum, there is info on that already around.

          I have searched for the same question, but most applications are for 2 WANs with 2 ISPs.
          My example is for 1 ISP,
          so I haven't seen the same question >_<

          • dotdash

            I think the OP is talking about using an alias/list or a network in AON, so the external NAT would use several public IPs. This is all doable in pf, but not configurable via the GUI. I thought I saw a feature request for this, not sure.

            • tdickson

              I would love to use this feature to get around - or mitigate PPTP issues.
              fricken seems to have hit a wall (either that or I can't figure it out) and I have 90 public IPs I would love to randomize to help with PPTP connections…
              You said you can set it up non-GUI? I've been searching around, and this post (with no answer) is about as accurate as I can come by.
              Any pointers are more than welcome.

              • dotdash

                'Not configurable via the GUI' is shorthand for 'totally unsupported and will break the next time the filter is reloaded'. I haven't tried this, but a fairly standard AON rule would look something like this:
                nat on vr1 inet from 192.168.1.0/24 to any -> (vr1) round-robin
                You should be able to use something like:
                nat on vr1 inet from 192.168.1.0/24 to any -> { 10.20.30.10, 10.20.30.15 }
                This http://www.openbsd.org/faq/pf/pools.html suggests round-robin might be problematic and that something like this might be better:
                nat on vr1 inet from 192.168.1.0/24 to any -> 10.20.30.12/30 source-hash
                For experimentation, one could copy out the ruleset, modify and reload.
                Again, I haven't actually tried this, so YMMV.

                • sullrich

                  Patches accepted. What would be really cool is if one could enter an alias for the outbound pools on the AON page. However, someone will shoot themselves in the foot if they fail to add a VIP for any IPs not defined on the respective interfaces.

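A way to check the VIP caveat before loading hand-edited rules, as an added example that is not part of the thread or of pfSense: it expands the translation pool of each rule quoted earlier and lists the addresses that have no VIP on the interface. The CONFIGURED set is constructed sample data, and treating every address of a /30 block as selectable is an assumption.

```python
import ipaddress
import re

# The three rule forms quoted in the thread, copied as constructed test input.
RULES = [
    "nat on vr1 inet from 192.168.1.0/24 to any -> (vr1) round-robin",
    "nat on vr1 inet from 192.168.1.0/24 to any -> { 10.20.30.10, 10.20.30.15 }",
    "nat on vr1 inet from 192.168.1.0/24 to any -> 10.20.30.12/30 source-hash",
]

# Assumption (constructed): addresses already on vr1, interface IP plus VIPs.
CONFIGURED = {"10.20.30.10", "10.20.30.12", "10.20.30.13"}

IPV4 = re.compile(r"\d+\.\d+\.\d+\.\d+(?:/\d+)?")


def pool_addresses(rule):
    """Return every literal address the rule's translation pool can hand out.

    A parenthesised interface such as (vr1) yields an empty list: it resolves
    to addresses the interface already holds, so no VIP can be missing.
    """
    target = rule.split("->", 1)[1]
    if "(" in target:
        return []
    addrs = []
    for token in IPV4.findall(target):
        net = ipaddress.ip_network(token, strict=False)
        # Assumption: first and last address of a block are selectable too,
        # so iterate the whole network instead of using net.hosts().
        addrs.extend(str(a) for a in net)
    return addrs


def missing_vips(rule, configured):
    """Pool addresses that are not configured on the outbound interface."""
    return [a for a in pool_addresses(rule) if a not in configured]


if __name__ == "__main__":
    for rule in RULES:
        gaps = missing_vips(rule, CONFIGURED)
        print(rule)
        print("  missing VIPs:", ", ".join(gaps) if gaps else "none")
```
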
                  • jsl

                    @tdickson:

                    I would love to use this feature to get around - or mitigate PPTP issues.
                    fricken seems to have hit a wall (either that or I can't figure it out) and I have 90 public IPs I would love to randomize to help with PPTP connections…
                    You said you can set it up non-GUI? I've been searching around, and this post (with no answer) is about as accurate as I can come by.
                    Any pointers are more than welcome.

                    Have you managed to get this to work? I'm looking into doing the same thing…
