
    NAT - Source Hash netblock - assigning GW & Broadcast

    General pfSense Questions
    4 Posts 2 Posters 399 Views
      fusionp

      Hi all. Quick question on outbound NAT.
      I need to use "Source Hash" to guarantee the same internal IP always receives the same outgoing IP.
      The only way I understand this can work is with a source subnet. I have a block of 64 public IPs. The first IP is my interface address, the 2nd IP is my gateway IP, and obviously the last IP is the broadcast. If I use the /26 netblock on the outbound then some internal IPs are assigned the gateway address and broadcast address; those connections then obviously don't get an internet connection. I then have to resort to breaking the netblock up into smaller /28s and /29s.

      Any suggestions on how I can still achieve source hash while using internal /22 and mapping it to /26 while stopping it assigning out the gateway and broadcast address?
      Thanks!

        stephenw10 Netgate Administrator

        You can create an Alias with the range of IPs you want and then use that as the translation address in the outbound NAT rule.

        You can create the alias as type Host(s), add your /26 to it, and it will be expanded to all IPs in that subnet. Then edit it and remove the gateway and network addresses, or any others you don't want to use.

        BUT, as you may have found, you can only use round-robin with a range of that type. You can use round-robin with sticky addresses, though, which may be sufficient for your use.

        Steve

          fusionp @stephenw10

          @stephenw10 Thank you. I used to use it as per your suggestion, but with sticky the client still gets different NATed IPs per new connection, which is what I can't have. It has to be source hash, I'm afraid. I just don't know how else to go about it.

            stephenw10 Netgate Administrator

            There's no other way I'm aware of, I'm afraid. If you need to use source hash you need to use a subnet as the translation, so you need to use a set of smaller translation rules.

            Steve

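Both replies above come down to one constraint: with source hash the translation address is a whole subnet, the hash supplies the host bits, and so any host-bit pattern can come out, including the network and broadcast addresses the poster is trying to avoid. The workaround is a set of smaller aligned subnets with one outbound NAT rule each. The Python below models that, as an added example that is not part of the thread and is not pfSense or pf code: the keyed hash is an HMAC-SHA256 stand-in for pf's own source-hash function, the 10.0.0.0/22 source range and 203.0.113.0/26 pool (with its network, interface, gateway and broadcast addresses reserved) are constructed, and `build_rules` is a hypothetical helper that carves the source /22 into one contiguous source range per translation block, sized in proportion to the block.

```python
"""Model of source-hash outbound NAT over a /26 pool and of the
split-into-smaller-subnets workaround.

Added example, not from the forum thread or from pfSense/pf. Assumptions:
  * internal sources 10.0.0.0/22 and public pool 203.0.113.0/26 (constructed)
  * the pool's network, interface (.1), gateway (.2) and broadcast addresses
    must never be handed out
  * the translation takes its host bits from a keyed hash of the source
    address, which is the behaviour the thread describes; HMAC-SHA256 is
    used here as a stand-in for pf's own hash
"""
import hashlib
import hmac
import ipaddress

SOURCE_NET = ipaddress.ip_network("10.0.0.0/22")
POOL = ipaddress.ip_network("203.0.113.0/26")
RESERVED = {
    POOL.network_address,        # network address
    POOL.network_address + 1,    # firewall interface address
    POOL.network_address + 2,    # upstream gateway
    POOL.broadcast_address,      # broadcast
}
KEY = b"constructed-demo-key"    # stand-in for pf's per-pool hash key

# A single rule using the whole /26 as the translation subnet.
SINGLE_RULE = [([SOURCE_NET], POOL)]


def source_hash(src, pool, key=KEY):
    """Map one source address into `pool` deterministically: the keyed hash
    of the source fills the host bits under the pool's netmask, so every
    address in the pool is a possible result, network/broadcast included."""
    src = ipaddress.ip_address(src)
    digest = hmac.new(key, src.packed, hashlib.sha256).digest()
    host_bits = int.from_bytes(digest[:4], "big") & int(pool.hostmask)
    return ipaddress.ip_address(int(pool.network_address) | host_bits)


def split_pool(pool, reserved):
    """Largest aligned CIDR blocks covering `pool` minus `reserved`. Each block
    becomes its own outbound NAT rule, since source hash only accepts a
    subnet as the translation address."""
    keep = (ipaddress.ip_network(str(a)) for a in pool if a not in reserved)
    return list(ipaddress.collapse_addresses(keep))


def build_rules(source_net, blocks):
    """Hypothetical helper: carve `source_net` into contiguous ranges, one per
    translation block, sized in proportion to the block so larger blocks
    serve more sources. Returns [(list_of_source_cidrs, translation_block)]."""
    sources = list(source_net)
    total = sum(b.num_addresses for b in blocks)
    rules, i = [], 0
    for n, block in enumerate(blocks):
        last = n == len(blocks) - 1
        share = len(sources) - i if last else len(sources) * block.num_addresses // total
        chunk = sources[i:i + share]
        i += share
        subnets = list(ipaddress.summarize_address_range(chunk[0], chunk[-1]))
        rules.append((subnets, block))
    return rules


def translate(src, rules):
    """First-match rule evaluation, as pf does. None when no rule matches."""
    src = ipaddress.ip_address(src)
    for subnets, pool in rules:
        if any(src in s for s in subnets):
            return source_hash(src, pool)
    return None


def reserved_hits(rules, sources=SOURCE_NET, reserved=RESERVED):
    """{source: translated} for every source that lands on a reserved address."""
    return {s: t for s in sources if (t := translate(s, rules)) in reserved}


if __name__ == "__main__":
    single = reserved_hits(SINGLE_RULE)
    print(f"single /26 rule: {len(single)} of {SOURCE_NET.num_addresses} "
          f"sources get a reserved address")
    blocks = split_pool(POOL, RESERVED)
    rules = build_rules(SOURCE_NET, blocks)
    for subnets, pool in rules:
        print(" ".join(map(str, subnets)), "->", pool)
    print(f"split rules: {len(reserved_hits(rules))} reserved hits")
```

Reserving four addresses out of the /26 leaves 60, which collapse into nine aligned blocks (a /32, /30, /29, /28, /28, /29, /30, /31 and /32), so nine outbound NAT rules; with the single /26 rule a noticeable fraction of the /22 hashes onto a reserved address, with the split rules none do, and each source still maps to exactly one public address.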
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.