Issue with Outbound NAT using Network and Broadcast addresses

  • We have a pfsense cluster that we use for our wireless clients. We use Manual Outbound NAT to translate the private IPs into public IPs. We are running issues where when we translate onto a subnet, it will use all of the addresses in that subnet including the network and broadcast addresses which shouldn't be valid.

    An example of this would be setting up the following NAT rule:
    Translate to

    This NAT rule would then end up assigning some clients the ips and on the WAN side which should not happen since they are reserved for network and broadcast respectively.

    Any ideas?


  • LAYER 8 Netgate

    That is just doing what it has been told to do. It doesn't know they are network/broadcast addresses.

    If you were to specify only a /29 out of that for NAT you would expect it to use the first and last addresses.

    You can use a host alias range from and to the addresses you desire to use. Define the alias like and the heavy lifting will be done for you.

  • Thank you Derelict. The Host Alias feature is doing exactly what I need and want it to. Guess I had missed it when reading through the documentation.

Log in to reply