Netgate Discussion Forum

    Outbound NAT with IP pool

      stebbo

      Hello All,

      I've been a longtime pfSense user with a Netgate appliance currently running our DMZ.

      We have a new pfSense appliance which I want to take over internal VLAN routing in the short term, with a longer term goal for the pfSense to be a multi WAN edge router. At the moment, the pfSense is not our edge router (and I am unable to modify the config of the edge router).

      I am trying to get our VLANs talking to our local LAN and the internet at large. I have set up an outgoing NAT on my local LAN interface with an IP pool. However, I can't get any traffic working using the IP pool. It will work, however, if I NAT to the interface address.

      The setup is as follows.

      The MGT interface is currently acting as my local LAN interface.
      MGT interface IP address is x.x.x.61.
      For testing, the single "pool" address is x.x.x.97. This is registered as a host alias.
      Outbound NAT mode is hybrid.

      The outbound NAT rule is as follows:
      [image: d9c021f0-1008-4779-96ec-f7409698916b-image.png]

      The aliases I have set up are:
      [image: e93d8d2a-3c5e-4fab-9888-b0cef26f0191-image.png]

      With the NAT Address set to vl020_nat_addresses I can't get any outbound traffic happening. With the NAT Address set to "Interface Address" it does work. Pool options are set to "Round Robin with sticky".

      Do I need to add the .97 as a virtual IP? I did try that but it didn't seem to work. Do I need "inbound" rules on the MGT interface to allow traffic for .97?

      Is there anything else I've missed?

      Thanks in advance for any assistance.

      Cheers,
      Chris.

        viragomann @stebbo

        @stebbo said in Outbound NAT with IP pool:

        Do I need to add the .97 as a virtual IP?

        Exactly. You have to add this address as type "IP alias" to the MGT interface. Otherwise there will be no communication possible with that IP.

          stebbo @viragomann

          @viragomann said in Outbound NAT with IP pool:

          @stebbo said in Outbound NAT with IP pool:

          Do I need to add the .97 as a virtual IP?

          Exactly. You have to add this address as type "IP alias" to the MGT interface. Otherwise there will be no communication possible with that IP.

          Hi viragomann,

          Thanks for the response. I have since discovered my problem: it seems the IP address I picked was in use elsewhere on the network (undocumented, of course). Once I picked a free IP address, it's all working as I had expected.

          Many thanks,
          Chris.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.