Basic outgoing NAT isn't working
-
Why do you have the same source network on 2 different interfaces? 172.20/16, and then your OpenVPN network overlaps with that?
-
The OVPN interface (HideMyAss) can be seen as a WAN interface, and the LAN device goes, depending on the firewall rule, either over WAN_KDG or HideMyAss.
-
johnpoz - That's my question. It's possible my understanding of outbound NAT is broken.
But to me it seems this set of rules won't work well.
-
johnpoz - That's my question. It's possible my understanding of outbound NAT is broken.
But to me it seems this set of rules won't work well.

They will not work.
You have 2 rules passing traffic on both WAN_KDG and HYDEMYASS from 172.20.0.0/16 and having the default gateway. The first rule whose conditions match will be processed, which means that the one on HYDEMYASS will never be processed.
If my understanding of outbound NAT is correct.
-
It is. First come, first served.
-
unless you use a firewall rule ….. ;)
-
Yes - You can do it with a firewall rule. Those are also first come first served.
I wouldn't try doing it in two places though. Pick one.
-
So I do not know what you want.
"DUAL" NAT works at the same time. Tested in 2.1.4.
pfctl -s state | grep 172.20.111.13
ovpnc5 icmp 172.20.111.13:1 -> 10.200.1.4:43502 -> 8.8.4.4 0:0
re1 icmp 172.20.111.13:1 -> 92.99.22.149:61907 -> 8.8.8.8 0:0
-
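An added check (not from any post in this thread) for the two points being argued above: pf considers an outbound NAT rule only on the interface the packet is actually leaving through, and within that interface the first matching rule wins, so two rules with the same 172.20.0.0/16 source on WAN_KDG and on the OpenVPN interface are both live as long as policy routing sends traffic out of both. The script below models that evaluation against a hypothetical rule table in a simplified "interface source destination nat-address" format (my own notation, not pfSense's), and parses `pfctl -s state` output to show which interface and NAT address each flow from a LAN host is really using. The state lines are constructed to mirror the ones posted above plus two extra flows; run `egress_summary 172.20.111.13` without a second argument on the pfSense box itself (as root) to read the live table. IPv4 only.

```shell
# Added example: verify "dual" outbound NAT from pf state output, and model
# pf's per-interface, first-match NAT rule evaluation. Not pfSense code.

# Constructed `pfctl -s state` sample. A translated state prints three
# addresses:  iface proto src:port -> natsrc:port -> dst:port  state
SAMPLE_STATES='ovpnc5 icmp 172.20.111.13:1 -> 10.200.1.4:43502 -> 8.8.4.4 0:0
re1 icmp 172.20.111.13:1 -> 92.99.22.149:61907 -> 8.8.8.8 0:0
re1 tcp 172.20.111.13:51234 -> 92.99.22.149:20000 -> 1.1.1.1:443 ESTABLISHED:ESTABLISHED
ovpnc5 udp 172.20.111.20:5060 -> 10.200.1.4:5060 -> 203.0.113.10:5060 MULTIPLE:MULTIPLE'

# Hypothetical outbound NAT table (interface source destination nat-addr),
# in the order pfSense would list it. Addresses taken from the thread.
NAT_RULES='WAN_KDG 172.20.0.0/16 any 92.99.22.149
HIDEMYASS 172.20.0.0/16 any 10.200.1.4'

# egress_summary SRC_IP [STATE_TEXT]
# Prints "iface nat_addr count" for every (egress interface, NAT address)
# pair seen for flows whose pre-NAT source is SRC_IP. Untranslated states
# (only two addresses) are skipped. Reads the live table when no text given.
egress_summary() {
  src="$1"
  states="${2:-$(pfctl -s state)}"
  printf '%s\n' "$states" | awk -v src="$src" '
    NF >= 7 && $4 == "->" && $6 == "->" {
      split($3, a, ":"); split($5, n, ":")
      if (a[1] == src) count[$1 " " n[1]]++
    }
    END { for (k in count) print k, count[k] }
  ' | sort
}

# match_nat_rule OUT_IF SRC_IP DST_IP [RULES_TEXT]
# Models pf: only rules bound to the egress interface are considered, in
# order, and the first whose source/destination match is used. Prints
# "N: rule" for the winner, nothing if no rule matches (no translation).
match_nat_rule() {
  out_if="$1"; src="$2"; dst="$3"
  rules="${4:-$NAT_RULES}"
  printf '%s\n' "$rules" | awk -v oif="$out_if" -v src="$src" -v dst="$dst" '
    function ip2n(s,  o) {
      split(s, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # CIDR test without shift operators, which POSIX awk lacks.
    function in_net(ip, cidr,  p, bits, div) {
      if (cidr == "any") return 1
      split(cidr, p, "/"); bits = (2 in p) ? p[2] : 32
      div = 2 ^ (32 - bits)
      return int(ip2n(ip) / div) == int(ip2n(p[1]) / div)
    }
    $1 == oif && in_net(src, $2) && in_net(dst, $3) { print NR ": " $0; exit }
  '
}
```

The egress interface passed to match_nat_rule is whatever the routing table or the policy-routing firewall rule chose; that decision happens before NAT, which is why a firewall rule with a gateway set and an outbound NAT rule on each interface cooperate rather than compete.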
I have all my NAT here at home set up the same way. Using a failover gateway group of WAN (cable) and DSL. Works perfectly (2.1.5). OP should be able to send outbound traffic to either gateway using policy routing and it should catch the correct NAT rule.
rubinho, what are the firewall rules and gateways / gateway groups set up like?
-
At the moment I have no failover WAN, only one gateway rule for a separate proxy that goes over the VPN (HideMyAss).
I must first get my VoIP server running before I plug my second WAN into pfSense.