Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AWS on PFSense. What's the proper config for routing?

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    20 Posts 2 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by

      No. The VPC NATs from the interface IP address to the Elastic IP on the igw.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      J 1 Reply Last reply Reply Quote 1
      • J
        joshuamichaelsanders @Derelict
        last edited by

        @derelict Well, then I'm out of ideas. Thanks for trying.

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          How about you post screen shots. Something might not be set how you think it is.

          LAN, WAN, Outbound NAT.

          Maybe a screen shot of the states filtered on the interesting traffic.

          Are you getting any alerts on the dashboard that the rule set isn't loading or anything like that?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          J 1 Reply Last reply Reply Quote 0
          • J
            joshuamichaelsanders @Derelict
            last edited by

            @derelict I really hate stupid things that defy explanation. I just changed the manual NAT rule source address to any from the 172.16.3.0/24 network and ping started going through. I changed it back to 172.16.3.0/24 and it's still working. It's times like these I wish I had picked a different career

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by Derelict

              Maybe didn't hit apply? Were you running a continuous ping and didn't stop/start it after changing outbound NAT?

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              J 1 Reply Last reply Reply Quote 0
              • J
                joshuamichaelsanders @Derelict
                last edited by

                @derelict Yes, it was continuous.

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Then changing NAT would not affect the already-established state. You would have had to stop and restart the ping or kill states.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  J 1 Reply Last reply Reply Quote 0
                  • J
                    joshuamichaelsanders @Derelict
                    last edited by

                    @derelict Yup, rookie move. Thanks for sheparding me around. Now on to 1:1 NAT. I hope it's not as complicated as this process took. Any configuration guides you can point me too?

                    DerelictD 1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate @joshuamichaelsanders
                      last edited by

                      @joshuamichaelsanders 1:1 NAT for what?

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      J 1 Reply Last reply Reply Quote 0
                      • J
                        joshuamichaelsanders @Derelict
                        last edited by

                        @derelict Host a web server, mail server, etc.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.