1:1 NAT vs Outbound NAT



  • I have two hosts on my firewall that are set up for 1:1 NAT (say 172.16.3.50 & 172.16.3.51 -->> 12.12.12.50 & 12.12.12.51) and then I have a third host that I just want to do outbound NAT for. If I set up the outbound NAT rule for the third host to 172.16.3.0/24 ----> match interface address, will it mess up the 1:1 NAT rules since they are in the same subnet as the /24 rule?



  • The outbound NAT rules are ordered so you can drag them to the desired order. So, put 1:1 IPs towards the top and the subnet at the bottom of the list.



  • I'm seeing the NAT rules on 2 separate screens. One for 1:1 and one for outbound.



  • The 1:1 page is for the inbound connection.

    It can get crossed up if you do that manually, so traffic comes in one IP and the reply is sent out another. That generally doesn't work since the other end drops the reply packets.

    I'm pretty sure pfSense will just automatically do it right. If you can connect out from the servers using 1:1 then connect out to whatismyip.org or something and you can see what IP you're connecting out on.

    On the outbound page what I was trying to say was that any rules entered there are processed in order, like firewall rules.


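The ordering advice in the thread, as an added example (not code from any poster or from pfSense): a small model of top-down, first-match rule evaluation using the thread's addresses, plus a check that flags host rules placed below a subnet rule that already covers them. It assumes the two hosts are entered as /32 entries in the same ordered list as the /24 rule; it does not model pfSense's separate 1:1 page or its generated ruleset.

```python
import ipaddress

# Constructed rule list with the thread's addresses: (source, translation).
# "interface address" stands for the WAN address; order is top to bottom.
RULES_SUBNET_FIRST = [
    ("172.16.3.0/24", "interface address"),
    ("172.16.3.50/32", "12.12.12.50"),
    ("172.16.3.51/32", "12.12.12.51"),
]
# Same rules with the host entries dragged above the subnet entry.
RULES_HOSTS_FIRST = RULES_SUBNET_FIRST[1:] + RULES_SUBNET_FIRST[:1]


def translate(rules, src_ip):
    """Return the translation of the first rule whose source contains src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for source, target in rules:
        if addr in ipaddress.ip_network(source):
            return target
    return None  # no rule matched: this model leaves the packet untranslated


def shadowed(rules):
    """List rules that can never match because an earlier rule covers them."""
    hits = []
    for i, (source, target) in enumerate(rules):
        net = ipaddress.ip_network(source)
        for earlier_source, _ in rules[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier_source)):
                hits.append((source, target, earlier_source))
                break
    return hits


if __name__ == "__main__":
    for name, rules in (("subnet first", RULES_SUBNET_FIRST),
                        ("hosts first", RULES_HOSTS_FIRST)):
        print(name)
        for host in ("172.16.3.50", "172.16.3.51", "172.16.3.77"):
            print(f"  {host} -> {translate(rules, host)}")
        for source, target, by in shadowed(rules):
            print(f"  shadowed: {source} -> {target} (covered by {by})")
```

With the subnet rule on top, both host entries are reported as shadowed and the two servers leave on the interface address instead of their mapped addresses, which is the mismatch between inbound and reply addresses described above.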