Netgate Discussion Forum

    AWS on PFSense. What's the proper config for routing?

      joshuamichaelsanders @Derelict

      @derelict Shouldn't the WAN address be the elastic IP address AWS assigned me instead of the public subnet IP address?

        Derelict LAYER 8 Netgate

        No. The VPC NATs from the interface IP address to the Elastic IP on the igw.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          joshuamichaelsanders @Derelict

          @derelict Well, then I'm out of ideas. Thanks for trying.

            Derelict LAYER 8 Netgate

            How about you post screen shots. Something might not be set how you think it is.

            LAN, WAN, Outbound NAT.

            Maybe a screen shot of the states filtered on the interesting traffic.

            Are you getting any alerts on the dashboard that the rule set isn't loading or anything like that?

              joshuamichaelsanders @Derelict

              @derelict I really hate stupid things that defy explanation. I just changed the manual NAT rule source address to any from the 172.16.3.0/24 network and ping started going through. I changed it back to 172.16.3.0/24 and it's still working. It's times like these I wish I had picked a different career.

                Derelict LAYER 8 Netgate

                Maybe didn't hit apply? Were you running a continuous ping and didn't stop/start it after changing outbound NAT?

                  joshuamichaelsanders @Derelict

                  @derelict Yes, it was continuous.

                    Derelict LAYER 8 Netgate

                    Then changing NAT would not affect the already-established state. You would have had to stop and restart the ping or kill states.

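A toy model of the behaviour described in the reply above, added here as an example and not taken from the thread or from pfSense's own code: the state table is consulted first, and outbound NAT rules are evaluated only when a new state is created. The `PfModel` class, the WAN address 10.0.1.10, the target 198.51.100.7, the host 172.16.3.25 and the ICMP ids are constructed for illustration, as is the assumed starting point where no NAT rule matches.

```python
import ipaddress

class PfModel:
    """Toy model of pf's lookup order: state table first, NAT rules only for new flows."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.nat_sources = []   # source networks matched by outbound NAT rules
        self.states = {}        # flow key -> source address used on the WAN side

    def set_outbound_nat(self, *cidrs):
        # Edit the rule and hit Apply: rules are reloaded, existing states are kept.
        self.nat_sources = [ipaddress.ip_network(c) for c in cidrs]

    def send(self, proto, src, dst, flow_id):
        key = (proto, src, dst, flow_id)
        if key not in self.states:  # only a new flow is evaluated against the rules
            hit = any(ipaddress.ip_address(src) in net for net in self.nat_sources)
            self.states[key] = self.wan_ip if hit else src
        return self.states[key]     # an existing state keeps its original translation

    def kill_states(self, src):
        # Drop every state for one source host; returns how many were removed.
        doomed = [k for k in self.states if k[1] == src]
        for k in doomed:
            del self.states[k]
        return len(doomed)

def scenario():
    # All addresses and ICMP ids below are constructed, except 172.16.3.0/24 (from the thread).
    fw = PfModel(wan_ip="10.0.1.10")
    host, target = "172.16.3.25", "198.51.100.7"
    out = {}
    # Assumed starting point: no outbound NAT rule matches, continuous ping uses ICMP id 4711.
    out["before"] = fw.send("icmp", host, target, 4711)
    fw.set_outbound_nat("172.16.3.0/24")
    out["same_ping_after_apply"] = fw.send("icmp", host, target, 4711)
    out["restarted_ping"] = fw.send("icmp", host, target, 4712)
    out["states_killed"] = fw.kill_states(host)
    out["same_ping_after_kill"] = fw.send("icmp", host, target, 4711)
    return out

if __name__ == "__main__":
    for step, value in scenario().items():
        print(f"{step}: {value}")
```

The same reasoning applies when a rule is tightened: flows that already hold a state keep passing until the state expires or is killed.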

                      joshuamichaelsanders @Derelict

                      @derelict Yup, rookie move. Thanks for shepherding me around. Now on to 1:1 NAT. I hope it's not as complicated as this process took. Any configuration guides you can point me to?

                        Derelict LAYER 8 Netgate @joshuamichaelsanders

                        @joshuamichaelsanders 1:1 NAT for what?

                          joshuamichaelsanders @Derelict

                          @derelict Host a web server, mail server, etc.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.