Nat policy through username



  • Hi!
    I need something like NAT policy by username.
    So, we have several WAN connections and I wish to NAT user through specific interface (wan connections) depending on username.
    Can this be achieved by pfsense?
    Thanks in advance.


  • Rebel Alliance Global Moderator

    Policy routing can be based upon source IP, dest IP, dest port, etc.

    Why can you not just assign the user a specific IP and then policy route it that way?  Are different users coming from same IP, like a kiosk machine or something



  • Hi!
    Yes, users are using one IP on terminal server. I also tried to use virtual IP but there is no way to make static mapping user - IP.
    So, the only way of identification is username…
    Maybe someone faced with such task and there is another product to solve it?
    thanks.



  • No you can't do that on traffic that doesn't originate on pfSense itself. The username or any other identification information doesn't make it outside the sending host in such a way it could be used in packet filtering or NAT on pfSense.


  • Rebel Alliance Global Moderator

    You would normally do such a thing with a proxy that users auth too.