1:1 NAT reverse traffic sent to wrong gateway

signorchris

Hello,
I am having an issue in my setup (pfSense 2.4.2_1) which I believe can be related to outbound NAT flows, but I haven't been able to sort out yet.

My setup is:

1. LAN side of pfSense connected to a few hosts, and in particular to a host with IP address 10.20.5.6.
2. I have a 1:1 NAT rule that maps pfSense WAN IP 192.168.1.9 to this host 10.20.5.6.
3. On the WAN side of pfSense I have 2 gateways: 192.168.1.201, to reach a remote network 192.168.4.0/24 and 192.168.1.1, which is the default gateway.

My issue is:

1. if from 10.20.5.6 I ping an host on 192.168.4.0/24, I see that the correct route via 192.168.1.201 is correctly selected, but on the opposite direction.
2. when pinging from 192.168.4.0/24 to 192.168.1.9, I see the corresponding packets being correctly forwarded to 10.20.5.6, as per the 1:1 rule, but the replies, destined to the network 192.168.4.0/24, are not forwarded to the right gateway (192.168.1.201) and are sent to the default gateway 192.168.1.1.

I have been trying to play with the settings in System/Advanced/Firewall & NAT>Network Address Translation, and also with Firewall/NAT/Outbound>Outbound NAT Mode, but couln't getting it working as expected