Netgate Discussion Forum
    Outbound NAT with multiple WANs

      geewhz01

      I have 3 Internet connections and I have multiple internal LANs. The Outbound NAT works as expected as long as each VLAN/internal LAN has its own outbound NAT, but if I try to take one host from the same VLAN and assign a different IP for outbound NAT it still appears as if it's coming from the same source rather than the specific source for that entry.

      For example, in the outbound NAT, the 4th entry should be getting a .238 address, but it's in the same network as the 6th rule. On the firewall rules you will see that I have assigned the interface of ATT for the same server in the NAT rules. When I do this it still goes out the primary WAN interface and obviously can't assign the proper NAT address. I know I'm just doing something wrong with this one; any help is greatly appreciated. I'm running RC1 of 1.2.3.

      pfsensefiirerule.jpg
      pfsensenat.jpg

        kpa

        The order of the firewall rules is significant, you have to place rules with a specific gateway above rules that use the default gateway so they have precedence.

          geewhz01

          @kpa:

          The order of the firewall rules is significant, you have to place rules with a specific gateway above rules that use the default gateway so they have precedence.

          I understand that and I believe that is the case in the example. I understand the specific gateway needs to be first and in this case the 4th rule in the NAT is. I just didn't believe the other specific addresses would matter given that they have no gateway. Either way I have moved that rule to the top and just believe the deny rule, it does not make any difference. The way it's acting, anything that is in my default LAN appears to always go out the WAN interface with the interface address.

            kpa

            What I mean is the order of the firewall rules, not outbound NAT rules. Policy routing is done with firewall rules in pfSense. The outbound NAT rules are used after the routing decision has been made, not before.

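The ordering kpa describes, as an added example that is not part of the original thread: a toy Python model in which the first matching firewall rule picks the gateway, and outbound NAT is then looked up only among the rules bound to that egress interface. All addresses, interface names and rules are constructed, and first-match evaluation is assumed for both rule sets.

```python
"""Toy model: firewall rules choose the gateway first, outbound NAT is applied afterwards."""
from ipaddress import ip_address, ip_network

# Constructed sample data (documentation address ranges), not taken from the thread.
DEFAULT_IF = "WAN"
IF_ADDR = {"WAN": "198.51.100.10", "ATT": "203.0.113.234"}

NAT_RULES = [
    {"iface": "ATT", "src": "192.168.1.50/32", "to": "203.0.113.238"},
    {"iface": "WAN", "src": "192.168.1.0/24", "to": "198.51.100.10"},
]
HOST_VIA_ATT = {"src": "192.168.1.50/32", "gateway": "ATT"}  # policy-routing rule
LAN_DEFAULT = {"src": "192.168.1.0/24", "gateway": None}     # uses the default gateway


def first_match(rules, src, **extra):
    """Return the first rule whose source network contains src and whose
    extra fields (for example iface) match; None if nothing matches."""
    for rule in rules:
        if ip_address(src) in ip_network(rule["src"]) and all(
            rule.get(key) == value for key, value in extra.items()
        ):
            return rule
    return None


def egress(fw_rules, nat_rules, src):
    """Return (egress interface, translated source address) for a LAN host."""
    # Step 1: policy routing. The first matching firewall rule decides the gateway.
    fw = first_match(fw_rules, src)
    if fw is None:
        return None, None  # no pass rule matched, traffic is dropped
    iface = fw.get("gateway") or DEFAULT_IF
    # Step 2: outbound NAT, searched only among rules for the chosen interface.
    nat = first_match(nat_rules, src, iface=iface)
    return iface, (nat["to"] if nat else IF_ADDR[iface])


if __name__ == "__main__":
    # Gateway rule below the catch-all: the host leaves via WAN and the ATT NAT
    # rule is never consulted, whatever its position in the NAT list.
    print(egress([LAN_DEFAULT, HOST_VIA_ATT], NAT_RULES, "192.168.1.50"))
    # Gateway rule above the catch-all: ATT is chosen, so the .238 mapping applies.
    print(egress([HOST_VIA_ATT, LAN_DEFAULT], NAT_RULES, "192.168.1.50"))
```
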
              geewhz01

              @kpa:

              What I mean is the order of the firewall rules, not outbound NAT rules. Policy routing is done with firewall rules in pfSense. The outbound NAT rules are used after the routing decision has been made, not before.

              Gotcha, I see where I was making a mistake as well.

              Thanks!!!

              Andy
