OPT interface exit route nightmare
-
Like this one ?
Int : WAN2
Source : GUEST network
source : *
dest : *
dest port : *
NAT addr : WAN2 interface address
NAT port : * -
Yes.
-
Is that wan2 nat being applied? Do a simple sniff on your wan2 - when you send traffic to say your wan2 gateway from this guest client which you say works is pfsense natting this to its wan2 IP?
Can pfsense using wan2 get to the itnternet?
-
Post your GUEST rules.
-
Thx @viragomann, now that I've added the NAT rule, it's working !
I still don't know why this NAT rule is needed though... Isn't the interface supposed to forward the traffic to the default gateway / or rule specific gw ? -
If it doesn't NAT it how does the upstream know how to get back to this downstream network. You wuldn't have to nat it if your upstream knew how to get back to this network.
If your wan2 is public - then yeah for sure it has to be natted, since rfc1918 doesn't route on the internet.
-
@mike315 said in OPT interface exit route nightmare:
I still don’t know why this NAT rule is needed though… Isn’t the interface supposed to forward the traffic to the default gateway / or rule specific gw ?
You have to distinguish routing and NAT.
If your internet router have no static route to your guest network behind pfSense, you have to do NAT on outbound traffic.
If the outbound NAT work in automatic mode, the necessary rules should be added by pfSense automatically, but sometimes that fails. -
But my internet router has a static route to my guest network, with pfsense as a GW...
-
What?
Draw a diagram. Please be specific and complete.
-
If it has a route for the guest network pointing to pfSense NAT shoudn‘t be needed. Maybe therer is something wrong with it.
Since you have 2 WANs, does the route point to the right address? -
Ok, it's working now that I've disabled the NAT rule, not sure what was wrong before...
