Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    HA Multi-Wan + outbound NAT

    NAT
    1
    1
    64
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      globule_655 last edited by

      Greetings everyone !

      I have a question regarding outbound NAT rules in a clustered pfsense configuration with multi-wan.

      Our network consists of multiple user subnets who need to access the Internet.
      Also, we work with clients who need to authorize the specific public IP(s) from witch we access ressources on their side.
      So to describe the setup more in details, we have a pool of public IPs from each ISP and 2 of them are dedicated for Internet access. These are configured as CARPs virtual IPs and I also configured outbound NAT rules to force traffic from users to those CARPs.

      A gateway group is also configured so Internet access should failover in case one of our Internet access goes down.

      Here is a quick draw of the setup :
      pfsense_schema.png

      Here is an example of outbound NAT rule:
      outbound_NAT.png
      Those rules are repeated for each WAN interface.

      Now to the issue that brought me here.

      The other day we lost one of our Internet access. I figured I was golden but in fact I wasn't. All user networks couldn't access the Internet anymore as if only the first outbound NAT rule was processed, forcing outbound traffic to a gateway that was down.

      I thought (obviously mistakenly) the other rule would be processed when seeing traffic and all would go seemlessly. My sentiment is I f*cked up something somewhere...

      What could be wrong in my setup ? How should I set outbound NAT rules so that when one ISP goes down traffic goes to the other CARP as intended ?

      Thank you very much in advance

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy