Outbound NAT with IP pool
-
Hello All,
I've been a longtime pfSense user with a netgate appliance currently running our DMZ.
We have a new pfSense appliance which I want to take over internal VLAN routing in the short term, with a longer term goal for the pfSense to be a multi WAN edge router. At the moment, the pfSense is not our edge router (and I am unable to modify the config of the edge router).
I am trying to get our VLANs talking to our local LAN and the internet at large. I have set up an outgoing NAT on my local LAN interface with an IP pool. However, I can't get any traffic working using the IP pool. It will work, however, if I NAT to the interface address.
The setup is as follows.
The MGT interface is currently acting as my local LAN interface.
MGT interface IP address is x.x.x.61.
For testing, the single "pool" address is x.x.x.97. This is registered as a host alias.
Outbound NAT mode is hybrid. The outbound NAT rule is as follows:
The aliases I have set up are:
With the NAT Address set to vl020_nat_addresses I can't get any outbound traffic happening. With the NAT Address set to "Interface Address" it does work. Pool options are set to "Round Robin with sticky".
Do I need to add the .97 as a virtual IP? I did try that but it didn't seem to work. Do I need "inbound" rules on the MGT interface to allow traffic for .97?
Is there anything else I've missed?
Thanks in advance for any assistance.
Cheers,
Chris.
-
@stebbo said in Outbound NAT with IP pool:
Do I need to add the .97 as a virtual IP?
Exactly. You have to add this address as type "IP alias" to the MGT interface. Otherwise there will be no communication possible with that IP.
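A static check for the point made in this answer, written as an added example (not pfSense's own code): it walks a constructed config fragment laid out like pfSense's config.xml (the element names nat/outbound/rule, target, virtualip/vip and aliases/alias are assumptions) and reports outbound NAT pool addresses that are not bound to the rule's interface as an IP alias or CARP VIP.

```python
# Added example: lint a pfSense-style config.xml for outbound NAT rules whose
# pool addresses have no IP alias / CARP VIP on the rule's interface.
# Element names are ASSUMED to follow pfSense's config.xml layout.
import xml.etree.ElementTree as ET

# Constructed sample: hybrid outbound NAT on "opt1" (the MGT interface),
# pool alias "vl020_nat_addresses" holding 192.0.2.97, but the only VIP
# defined on opt1 is 192.0.2.98, so .97 is not usable for NAT.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>vl020_nat_addresses</name><type>host</type>
           <address>192.0.2.97</address></alias>
  </aliases>
  <virtualip>
    <vip><mode>ipalias</mode><interface>opt1</interface>
         <subnet>192.0.2.98</subnet><subnet_bits>32</subnet_bits></vip>
  </virtualip>
  <nat><outbound><mode>hybrid</mode>
    <rule><interface>opt1</interface><target>vl020_nat_addresses</target>
          <poolopts>round-robin-sticky</poolopts></rule>
    <rule><interface>opt1</interface><target></target></rule>
  </outbound></nat>
</pfsense>"""

def outbound_pool_gaps(config_xml):
    """Return (interface, address) pairs used as NAT targets without a matching VIP."""
    root = ET.fromstring(config_xml)
    # Host aliases hold one or more space-separated addresses.
    aliases = {a.findtext("name"): a.findtext("address", "").split()
               for a in root.iterfind("aliases/alias")}
    vips = {(v.findtext("interface"), v.findtext("subnet"))
            for v in root.iterfind("virtualip/vip")
            if v.findtext("mode") in ("ipalias", "carp")}
    gaps = []
    for rule in root.iterfind("nat/outbound/rule"):
        iface = rule.findtext("interface")
        target = (rule.findtext("target") or "").strip()
        if not target:  # assumed: empty target means "Interface Address", always valid
            continue
        # The target may be an alias name or a literal address.
        for addr in aliases.get(target, [target]):
            if (iface, addr) not in vips:
                gaps.append((iface, addr))
    return gaps

if __name__ == "__main__":
    for iface, addr in outbound_pool_gaps(SAMPLE_CONFIG):
        print(f"{addr} is a NAT pool address on {iface} but has no IP alias VIP")
```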
-
@viragomann said in Outbound NAT with IP pool:
@stebbo said in Outbound NAT with IP pool:
Do I need to add the .97 as a virtual IP?
Exactly. You have to add this address as type "IP alias" to the MGT interface. Otherwise there will be no communication possible with that IP.
Hi viragomann,
thanks for the response. I have since discovered my problem: it seems the IP address I picked was in use elsewhere on the network (undocumented, of course). Once I picked a free IP address, it's all working as I had expected.
Many thanks,
Chris.