4. Outgoing NAT'ing from a single IP

Outgoing NAT'ing from a single IP


  • Hello, I have a problem whit Outbound NAT.
    I have an internet link with several public IP addresses. I need to make two computers go out to the internet inside my same LAN but by different public IP. I read in another post that I can use VIP and Manual/Hybrid Outbond NAT to do it. I've done it but I can't make it work.
    Any advice on how to make it work? Should I add a firewall rule?
    0_1547470970609_nat.PNG
    I leave a capture, from that IP I test and see that my public IP is sometimes the one I assign to NAT and sometimes not. I must do something else so that the public IP is always the one I assigned to it in Outbound NAT?
    By the way, I'm using Hybrid Outbound NAT.

    Thanks for help.
    Gabriel

    0
  • K

    You can use a firewall rule on your LAN side to specify a gateway for traffic matching the Source you specify. Look under Advanced->Gateway in the firewall rule.

    0 1 Reply

  • @kevinmitky And how would I do that? I have only one gateway. And I need to use a Virtual IP as the output IP so that the public IP is different.

    0
  • K

    If you have several public IPs I would assign them to gateways. Maybe I'm misunderstanding what your aim here is, I don't think you can use a virtual IP in public addressing space

    0
  • Rebel Alliance Developer Netgate

    Using hybrid outbound NAT with a VIP is the solution here. The rule shown should be OK, but keep in mind that it will only apply to new connections made after the rule was put in place. If the client had existing connections, those would still show in a packet capture as using the old address.

    You would have to clear the states or restart the client to ensure all of its connections are using the new rule.

    And checking the state table is much easier than using a packet capture.

    1 1 Reply
  • A

    dear
    i have the same issue , i tried this but its not working at all

    regards

    0
  • Rebel Alliance Developer Netgate

    @ahmedkunnana said in Outgoing NAT'ing from a single IP:

    i have the same issue , i tried this but its not working at all

    If you setup the VIP and rule properly, it works. Start your own thread with more information and specific details for assistance.

    1
    A
     1 Reply
  • A

    @jimp i already started mu owun subject
    please help

    regards

    0
  • Rebel Alliance Developer Netgate

    There is a whole forum full of people who can assist. I am not available for personalized help upon request.

    1
    A
     1 Reply
  • A

    @jimp sorry sir

    0

  • @jimp thanks for reply.
    I was able to make it work. There are some tricks to make it work well. Now I have to go. Tomorrow I write how I made it work.
    Bye

    Gabriel

    0 1 Reply

  • @_neok said in Outgoing NAT'ing from a single IP:

    @jimp thanks for reply.
    I was able to make it work. There are some tricks to make it work well. Now I have to go. Tomorrow I write how I made it work.
    Bye

    Gabriel

    I had a rule to allow me to navigate my entire LAN through another gateway. I had to make an IP alias of my LAN by taking out the local IP in question. Along with that I set the local IP to go out to the internet through the same gateway over which is the interface that has the VIP associated. That, in combination with the Hybrid Outbound NAT and that's it. I was able to fix it.

    Thanks for help
    Best regards

    Gabriel

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy