Netgate Discussion Forum

    Outbound Webtraffic on different WAN IP for some Users

    • Navy2k

      Hi,

      I've been fiddling with this problem for a while now and the problem is I can't get it to work.

      Situation is as follows:

      Some machines should use a different external IP to surf (ports 80 and 443).

      pfSense 2.3.2

      The main WAN IP is in a /30 subnet (X.X.X.2) and the gateway is in the same subnet (X.X.X.1). X.X.X.0 is the network name and X.X.X.3 should be the broadcast address, so we are full.
      We got additional IPs in Y.Y.Y.112/29 with the same gateway X.X.X.1, so Y.Y.Y.113 - Y.Y.Y.118 should be available as virtual IPs.

      Both hybrid and manual outbound NAT rules have no effect; checking the external IP still shows the main WAN IP.

      The outbound NAT rule uses one of the Y.Y.Y.x IPs as a test (right now .114), and this is defined as a single-address virtual IP alias with the /29 subnet on the WAN interface.
      In this rule the source is defined as Z.Z.Z.Z/32 (a single machine from the LAN subnet).

      The mapping looks like this in the GUI:

      Interface:WAN  Source:Z.Z.Z.Z/32  Source Port:*  Destination:*  Destination Port:80 NAT Address:Y.Y.Y.114  NAT port: 80 Static Port: Crossed Arrows

      Any idea what could go wrong? Do I have to wait some time or reset some cache?

      Thanks in advance,
      Navy

      • viragomann

        Consider that the outbound NAT rules are applied from top to bottom, where the first match wins.
        So if you also have other rules in place that would match these parameters, you have to put the one for the specific hosts at the top of the rule set.

        • Navy2k

          Thanks for the input. My test is the first 2 entries at the top of the list, one for port 80 and one for 443.

          • viragomann

            I've seen that you've set a NAT port. This shouldn't be set. This will conflict with "static port".
            This is a source NAT rule. You need none of them.

            Static port means that the source port is kept the same when the packet goes out to WAN as when it originated from the LAN host, while the NAT port forces it to 80.
            So you should delete the NAT port and uncheck static port.

            • Navy2k

              Thank you very much, that was indeed the problem. I was thinking in the wrong direction: the port on the firewall's side can of course be random as long as on the remote side it hits 80 / 443.

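The first-match rule ordering and the source-port point discussed in the thread, as an added example that is not part of the thread and is not pfSense code: a simplified Python model of outbound NAT rule evaluation with a check for rules hidden behind broader ones. The addresses are constructed documentation-range stand-ins for the thread's X/Y/Z placeholders, and the 1024-65535 source-port range is an assumption of the model.

```python
import ipaddress
import random
from dataclasses import dataclass
from typing import Optional

@dataclass
class OutboundRule:
    source: str                # CIDR the packet's source address must fall in
    dst_port: Optional[int]    # None matches any destination port
    nat_addr: str              # address the source is rewritten to
    static_port: bool = False  # True: keep the client's source port

def translate(rules, src_ip, src_port, dst_port):
    """Apply the first matching rule; return (nat_addr, nat_src_port) or None."""
    for rule in rules:
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
            continue
        if rule.dst_port not in (None, dst_port):
            continue
        # Only the source side is rewritten; the destination port is untouched.
        # The 1024-65535 range is an assumption of this model.
        port = src_port if rule.static_port else random.randint(1024, 65535)
        return rule.nat_addr, port
    return None

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    dead = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            covers_src = ipaddress.ip_network(later.source).subnet_of(
                ipaddress.ip_network(earlier.source))
            covers_port = earlier.dst_port in (None, later.dst_port)
            if covers_src and covers_port:
                dead.append(j)
                break
    return dead

# Constructed sample data: 192.0.2.2 stands in for the main WAN IP,
# 198.51.100.114 for the virtual IP alias, 10.0.0.50 for the single LAN host.
HOST_RULES = [
    OutboundRule("10.0.0.50/32", 80, "198.51.100.114"),
    OutboundRule("10.0.0.50/32", 443, "198.51.100.114"),
]
LAN_RULE = OutboundRule("10.0.0.0/24", None, "192.0.2.2")
GOOD_ORDER = HOST_RULES + [LAN_RULE]   # host-specific rules on top
BAD_ORDER = [LAN_RULE] + HOST_RULES    # broad rule on top hides them
```

Running `shadowed()` over a rule list before applying it flags host-specific entries that a broader rule above them would swallow.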
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.