Nat policy through username

  • Hi!
    I need something like NAT policy by username.
    So, we have several WAN connections and I wish to NAT user through specific interface (wan connections) depending on username.
    Can this be achieved by pfsense?
    Thanks in advance.

  • LAYER 8 Global Moderator

    Policy routing can be based upon source IP, dest IP, dest port, etc.

    Why can you not just assign the user a specific IP and then policy route it that way?  Are different users coming from same IP, like a kiosk machine or something

  • Hi!
    Yes, users are using one IP on terminal server. I also tried to use virtual IP but there is no way to make static mapping user - IP.
    So, the only way of identification is username…
    Maybe someone faced with such task and there is another product to solve it?

  • No you can't do that on traffic that doesn't originate on pfSense itself. The username or any other identification information doesn't make it outside the sending host in such a way it could be used in packet filtering or NAT on pfSense.

  • LAYER 8 Global Moderator

    You would normally do such a thing with a proxy that users auth too.

Log in to reply