Outbound NAT failing? Watch out for these gotchas

  • Seems like every time I set up a new router with multiple WAN IPs allocated to specific NAT host machines (servers) I ALWAYS forget the following, so I hope this will help some others out there:

    • Manually enter the outbound NAT rule and move it to the top of the list

    • Reboot your ISP's router

    I can't tell you how many times I have set up Virtual IPs (or Server NAT in m0n0wall) addresses, then scratched my head when "whatismyip.com" tells me the server is still on the primary WAN IP of the pfSense device.

    The last one especially seems to get me every time: the ISP's router caches IP addresses, so even if you do everything perfectly in pfSense, it still reports all traffic from the pfSense WAN as coming from the primary WAN IP listed in the Interface settings until you reboot that thing.
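
Added example, not part of the original post: a small Python model of why the manual outbound NAT rule has to sit at the top of the list. pfSense evaluates outbound NAT rules top-down and the first match wins, so a broad LAN rule placed above the per-server rule sends the server out on the primary WAN IP. The rule names and addresses are constructed, and the model matches on source address only (real rules also match interface, destination and port).

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:
    name: str
    source: str        # CIDR of the internal source hosts
    translation: str   # WAN address the source is rewritten to

def egress_ip(rules, host):
    """Return (rule name, translated address) of the first rule matching host."""
    addr = ipaddress.ip_address(host)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.source):
            return rule.name, rule.translation
    return None, None

def shadowed(rules):
    """Return (rule, earlier rule) pairs where an earlier rule already
    covers the later rule's whole source range, so the later one never fires."""
    found = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        for earlier in rules[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier.source)):
                found.append((rule.name, earlier.name))
                break
    return found

# Constructed sample data (documentation address ranges, hypothetical names).
PRIMARY_WAN = "203.0.113.2"    # primary WAN IP from the Interface settings
SERVER_VIP = "203.0.113.10"    # Virtual IP intended for the server
SERVER = "192.168.1.50"        # internal server address

# Per-server rule added below the LAN-wide rule: it is never reached.
BROKEN = [
    NatRule("lan-default", "192.168.1.0/24", PRIMARY_WAN),
    NatRule("server-vip", "192.168.1.50/32", SERVER_VIP),
]
# Same rules with the per-server rule moved to the top of the list.
FIXED = [BROKEN[1], BROKEN[0]]

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, egress_ip(rules, SERVER), shadowed(rules))
```
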