Outbound NAT with multiple WANs
-
I have 3 Internet connections and I have multiple internal LANs. The outbound NAT works as expected as long as each VLAN/internal LAN has its own outbound NAT, but if I try to take one host from the same VLAN and assign a different IP for outbound NAT, it still appears as if it's coming from the same source rather than the specific source for that entry.
For example, in the outbound NAT, the 4th entry should be getting a .238 address, but it's in the same network as the 6th rule. On the firewall rules you will see that I have assigned the interface of ATT for the same server in the NAT rules. When I do this it still goes out the primary WAN interface and obviously can't assign the proper NAT address. I know I'm just doing something wrong with this one; any help is greatly appreciated. I'm running RC1 of 1.2.3.
-
The order of the firewall rules is significant; you have to place rules with a specific gateway above rules that use the default gateway so they have precedence.
-
@kpa:
The order of the firewall rules is significant; you have to place rules with a specific gateway above rules that use the default gateway so they have precedence.
I understand that and I believe that is the case in the example. I understand the specific gateway needs to be first, and in this case the 4th rule in the NAT is. I just didn't believe the other specific addresses would matter that they have no gateway. Either way I have moved that rule to the top and just believe the deny rule, it does not make any difference. The way it's acting, anything that is in my default LAN appears to always go out the WAN interface with the interface address.
-
What I mean is the order of the firewall rules, not the outbound NAT rules. Policy routing is done with firewall rules in pfSense. The outbound NAT rules are used after the routing decision has been made, not before.
-
@kpa:
What I mean is the order of the firewall rules, not the outbound NAT rules. Policy routing is done with firewall rules in pfSense. The outbound NAT rules are used after the routing decision has been made, not before.
Gotcha, I see where I was making a mistake as well.
Thanks!!!
Andy
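The two-stage behaviour kpa describes, as an added example that is not part of the original thread: a simplified Python model (not pfSense code) in which the first matching firewall rule picks the egress interface and only then is an outbound NAT rule for that interface selected. All addresses, rule contents, and the mapping of gateway name to interface name are constructed assumptions.

```python
import ipaddress

# Constructed sample rules (documentation address ranges, not from the thread).
# Firewall rules on LAN: evaluated top-down, first match wins.
BROKEN_ORDER = [
    {"src": "192.168.1.0/24", "gateway": None},    # default gateway, catches everything
    {"src": "192.168.1.50/32", "gateway": "ATT"},  # policy route, never reached
]
FIXED_ORDER = [BROKEN_ORDER[1], BROKEN_ORDER[0]]   # specific gateway rule first

# Outbound NAT rules: matched on egress interface + source, first match wins.
OUTBOUND_NAT = [
    {"iface": "ATT", "src": "192.168.1.50/32", "nat_ip": "203.0.113.238"},
    {"iface": "WAN", "src": "192.168.1.0/24", "nat_ip": "198.51.100.10"},
]

def _matches(src_ip, network):
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(network)

def route(src_ip, fw_rules, default_iface="WAN"):
    """Stage 1: the first matching firewall rule decides the egress interface."""
    for rule in fw_rules:
        if _matches(src_ip, rule["src"]):
            # Assumption: the gateway name doubles as the interface name.
            return rule["gateway"] or default_iface
    return None  # no pass rule matched, traffic is not forwarded

def translate(src_ip, fw_rules, nat_rules=OUTBOUND_NAT):
    """Stage 2: pick a NAT rule only among those bound to the chosen interface."""
    iface = route(src_ip, fw_rules)
    if iface is None:
        return None
    for nat in nat_rules:
        if nat["iface"] == iface and _matches(src_ip, nat["src"]):
            return iface, nat["nat_ip"]
    return iface, None  # leaves on iface without translation

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_ORDER), ("fixed", FIXED_ORDER)):
        print(name, translate("192.168.1.50", rules))
```

With the broad rule on top, the host's dedicated NAT entry is never consulted because the packet has already been routed out the default WAN; reordering the NAT rules alone cannot change that.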