AoN Clarification



  • I've setup a 6-zone PFSENSE for a local library (see text diagram below).

    They have a email server in the DMZ.

    I've setup Port Forward rules (and the associated Firewall Rules) to allow incoming email traffic to get to the email server.

    Everything works as expected (i.e. external and internal mail is working).

    I need to setup an Outbound NAT so that email traffic goes out on the same VIP that it comes in on (on WAN2).

    The warning on the AoN checkbox states: "if enabled, no outbound NAT rules will be automatically generated any longer".

    Does that mean any automatically setup rules will then be deleted?

    Will turning that on mess up my existing working setup?

    Am I correct in thinking the following rule will setup the correct outbound email traffic path?

    WAN2    192.168.3.10/32  *  *  *  xxx.xxx.105.170  *  NO

    6-Zone PFSENSE (v1.2 02/24/2008)

    [WAN] xxx.xxx.115.29/29  -  [WAN2/OPT1] xxx.xxx.105.162/27
    [WIFI/OPT4] 10.1.1.254/24 (GW-WAN)  -  [DMZ/OPT3] 192.168.3.1/24 (GW-WAN2)
    [LAN] 192.168.1.254/24 (GW-WAN)  -  [LAN2/OPT2] 192.168.10.254/24 (GW-WAN2)



  • It won't delete any rules already there but if AoN is enabled no rules will be automatically generated for new LAN type interfaces, just like it states.


Log in to reply