Netgate Discussion Forum
    Manual Outbound NAT in 2.0

      xtropx

      Hey guys, I am just looking to get a little more information here about Manual Outbound NAT in pfSense 2.0. In 1.2.3 I would just switch to Manual Outbound, and create simple rules to allow NAT to each one of my OPT interfaces, and to set up static ports on my networks for game servers, etc. It was pretty simple. I go to enable Manual Outbound in 2.0 and pfSense just vomits up all these esoteric rules I have no knowledge of. I am a little confused on how to go about this.

      Should I just leave all those rules there, and proceed to create rules to NAT to my OPT interfaces/static port for game servers etc. as I normally would, or should I delete them and start over? If someone has some additional information or a link on the changes made to Manual Outbound NAT in 2.0, I would love to give it a read. The rules look like this: http://i.imgur.com/enQwK.jpg (there are more). Thanks in advance!

      Regards,

      xtropx

        podilarius

        Looks like you have many duplicates, like you may have had rules in there before and then re-enabled with the new version. I would erase them all, switch to auto, then switch back and let it create the rules for existing networks. Or manually remove duplicates and go from there.

          xtropx

          It is weird because when I switch to Manual, delete them all, switch to Auto and then back to Manual, they all reappear. They must be related to something, I just can't be sure what…

          Regards,

          xtropx

            podilarius

            When you do that, it tries to create rules for all the different non-WAN interfaces (including PPTP and such). So just remove the duplicates and what you don't need and create what you do need.

              xtropx

              Alright, thanks. This is what I have now:
              http://i.imgur.com/j6ldZ.jpg
              I am not sure what I am going to do about PPTP yet; not sure if the "remote address range" gets automatically sub-netted with a /28 anymore, but this should work for now, right? I was just confused as to why pfSense was auto-creating rules that made no sense to me, like rules for ISAKMP and rules like 127.0.0.0/8 port 1024:65535.

              Regards,

              xtropx

                podilarius

                The ISAKMP may not be necessary if you are not running a VPN. The 127.0.0.1/8 NATs the local firewall traffic for things like package downloads, DNS lookup, and other firewall services that go to the internet. You might want to leave that one. I am not sure about the PPTP stuff. I have never used it.
