-
In playing with FRR OSPF I have stumbled accross an issue with Outbound NAT.
It seems that only connected and statically-defined kernel routes are automatically added to the Outbound NAT rule, however OSPF-learned subnets are not.
Took me quite some time to figure out why my VMs in remote subnets had access to everything, could perfectly be accessed from the internet, but could not establish any connection towards the internet themselves :D
In the end I just added an "any" Outbound NAT rule to re-establish internet access for those VMs, but this seems like a bad practice.
One of the reasons I'm using OSPF (apart from learning) is to not have to bother too much with various reconfigs all over the place to make a new subnet work. (I'm experimenting with VMware NSX and automation).
Thus my question is⦠is there a way to let OSPF-learned subnets be added to the Outbound NAT rules automatically, or does this functionality not exist?
If not, would a feature request for this be something to consider?Thanks!
-
No. There is no way that dynamic routes can be picked up by automatic outbound NAT.
If they are all privately numbered, you could make an RFC1918 alias (192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8) and then setup hybrid or manual outbound NAT rules to match that alias as a source.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.