Netgate Discussion Forum

    Do 127.0.0.0/8 rules need to be duplicated?

    • Ryu945

      For OpenVPN, the NAT rule:

      Interface: WAN
      Source: 192.168.1.0/24
      Source Port: *
      Destination: *
      Destination Port: *
      NAT Address: WAN Address
      Nat Port: *
      Static Port: No
      

      needs to be duplicated and changed to:

      
      Interface: VPN
      Source: 192.168.1.0/24
      Source Port: *
      Destination: *
      Destination Port: *
      NAT Address: VPN Address
      Nat Port: *
      Static Port: No
      
      

      My question is does the NAT rule:

      Interface: WAN
      Source: 127.0.0.0/8
      Source Port: *
      Destination: *
      Destination Port: *
      NAT Address: WAN Address
      Nat Port: *
      Static Port: No
      

      need to be duplicated and changed to:

      
      Interface: VPN
      Source: 127.0.0.0/8
      Source Port: *
      Destination: *
      Destination Port: *
      NAT Address: VPN Address
      Nat Port: *
      Static Port: No
      
      
      • viragomann

        This depends on whether you route traffic from pfSense itself (e.g. DNS lookups, updates) through the VPN or not. If this traffic is also routed through the VPN, you'll need that rule.

        • Marvho

          I do route DNS lookups through it and I did not set up the 127.0.0.0/8 rule, and it's working fine.
          I'm using Hybrid Outbound NAT and just added the LAN subnet.
