Netgate Discussion Forum

    Use of "No BINAT" to exclude WAN VIP not working.

      sforsythe

      Hi All,

      I am trying to set up OpenVPN and am having issues that I realize are related to our 1:1 NAT.

      We have a /24 but our provider does not route to us, instead they own the equipment at .1 and we are essentially on a switch port. Meaning we need to answer ARP requests using Virtual IP and use 1:1 NAT.

      Given network AA.BB.CC.0/24, upstream default gw is AA.BB.CC.1, our pfsense is AA.BB.CC.4/24

      We have 1:1 NAT for AA.BB.CC.8/24 -> 10.10.1.8/24

      I was hoping from the text of the "External subnet IP" box that we could 'start' on an ip not necessarily at the beginning of a network.

      Enter the external (usually on a WAN) subnet's starting address for the 1:1 mapping. The subnet mask from the internal address below will be applied to this IP address.

      That apparently doesn't work, as AA.BB.CC.4 is being NAT'ted to 10.10.1.4

      I tried adding a rule
        No Binat (not)
        External subnet IP: AA.BB.CC.4
        Internal IP: Single host or Alias : 10.10.1.4

      but that did not seem to work.
      If I completely disable the 1:1 NAT, the OpenVPN works instantly. And I can see in the state table my outside connection going from outside_ip -> AA.BB.CC.4 -> 10.10.1.4

      Any thoughts or suggestions how to implement this?

      Shane
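
Added example, not part of the original post and not pfSense code: a Python sketch of the mask behaviour the post describes, plus one way to split the /24 into aligned blocks that leave the firewall's own WAN address unmapped. 203.0.113.0/24 stands in for AA.BB.CC.0/24, the function names are hypothetical, and entering the resulting blocks as separate 1:1 entries is an assumption about how they would be used.

```python
import ipaddress

def binat_external(internal_ip, internal_net, external_start):
    """External address a subnet 1:1 mapping gives an internal host.

    The internal subnet's mask is applied to the external start address,
    so only the host bits of internal_ip carry over.
    """
    inet = ipaddress.ip_network(internal_net, strict=False)
    ext_base = int(ipaddress.ip_address(external_start)) & int(inet.netmask)
    host_bits = int(ipaddress.ip_address(internal_ip)) & int(inet.hostmask)
    return ipaddress.ip_address(ext_base | host_bits)

def blocks_excluding(external_net, internal_net, excluded):
    """Split one subnet mapping into aligned (external, internal) CIDR
    pairs that cover everything except the excluded external addresses."""
    ext = ipaddress.ip_network(external_net)
    inn = ipaddress.ip_network(internal_net)
    remaining = [ext]
    for addr in excluded:
        host = ipaddress.ip_network(addr)  # single address, /32
        nxt = []
        for net in remaining:
            if host.network_address in net:
                nxt.extend(net.address_exclude(host))
            else:
                nxt.append(net)
        remaining = nxt
    # Same host bits on both sides: shift each block by a fixed offset.
    offset = int(inn.network_address) - int(ext.network_address)
    pairs = []
    for net in sorted(remaining):
        internal = ipaddress.IPv4Network(
            (int(net.network_address) + offset, net.prefixlen))
        pairs.append((str(net), str(internal)))
    return pairs

if __name__ == "__main__":
    # Constructed sample values mirroring the post's layout.
    # Starting the /24 mapping at .8 still maps .4, because of the mask.
    print(binat_external("10.10.1.4", "10.10.1.0/24", "203.0.113.8"))
    for ext, inn in blocks_excluding("203.0.113.0/24", "10.10.1.0/24",
                                     ["203.0.113.4"]):
        print(f"{ext:18} <-> {inn}")
```
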
