Netgate Discussion Forum

    multiple WAN IP SNAT after port forward

    • groebi

      Hey guys,

      I have a basic question regarding SNAT with multiple WAN IPs.
      I'm changing my ISP in 4 weeks and will get a /27 public IP range. I've already read through the docs and added several virtual IPs to my WAN.
      Since this is my first time using more than one public IP, I'm not sure what's the correct way to handle port forwarding and SNAT.
      If I create a port forward with destination to WANIP3, do I need to create a SNAT rule for replying with the same WANIP3?
      Is this "auto-created" when using hybrid mode? If so, will it NAT out everything to WANIP3 or only the replies from my port forward?

      Thanks a lot

      • Derelict LAYER 8 Netgate @groebi

        @groebi Maybe start by defining your acronyms/initialisms.

        Port forwards apply NAT to destinations on connections coming into that interface.

        Outbound NAT applies NAT to sources on connections leaving an interface.

        1:1 NAT does both incoming and outgoing connections as above.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • groebi

          @Derelict sry, reading a lot of iptables lately

          Port forwards apply NAT to destinations on connections coming into that interface.

          So if one port forward rule is created, do I still need to create an outbound NAT rule to reply?

          • Derelict LAYER 8 Netgate @groebi

            @groebi

            Reply traffic is handled automatically by the stateful nature of the firewall.

            It all depends on which direction the connection is established: from outside to inside (a port forward) or inside to outside (outbound NAT).

            • groebi @Derelict

              @derelict thanks a lot
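
Added example, not part of the thread and not pfSense code: a simplified Python model of the stateful behaviour described in the answers above. It shows that replies to a port-forwarded connection leave from the forwarded address because of the state entry, while connections the internal host initiates itself follow outbound NAT. All addresses, function names and the fallback to the primary WAN address for unmatched outbound flows are assumptions of the model.

```python
# Simplified model of stateful NAT. Not pf's real data structures.
# All addresses are constructed documentation/private ranges.
WAN_IP = "198.51.100.2"   # primary WAN address
WANIP3 = "198.51.100.5"   # virtual IP targeted by the port forward
SERVER = "192.168.1.10"   # internal host behind the port forward

# Port forward: (public address, port) -> (internal address, port)
PORT_FORWARDS = {(WANIP3, 443): (SERVER, 443)}

# State table: (inside_ip, inside_port, peer_ip, peer_port) -> address the peer sees
states = {}


def inbound(src, sport, dst, dport):
    """New connection arriving on WAN: apply the port forward and record state."""
    target = PORT_FORWARDS.get((dst, dport))
    if target is None:
        return None  # no port forward matches, nothing is created
    states[(target[0], target[1], src, sport)] = dst
    return target


def outbound(src, sport, dst, dport, nat_rules=None):
    """Packet leaving WAN: return the source address the remote peer sees.

    nat_rules maps an internal host to a public address (an outbound NAT
    rule). Hosts without a rule use the primary WAN address (model assumption).
    """
    key = (src, sport, dst, dport)
    if key in states:
        # Reply on an existing connection: the state entry decides,
        # outbound NAT rules are never consulted.
        return states[key]
    # New connection from inside: outbound NAT decides.
    public = (nat_rules or {}).get(src, WAN_IP)
    states[key] = public
    return public


if __name__ == "__main__":
    client = ("203.0.113.9", 50000)
    print("forwarded to:", inbound(*client, WANIP3, 443))
    print("reply leaves as:", outbound(SERVER, 443, *client))
    print("server-initiated, no rule:", outbound(SERVER, 40000, "203.0.113.80", 80))
    print("server-initiated, with rule:",
          outbound(SERVER, 40001, "203.0.113.80", 80, {SERVER: WANIP3}))
```

In this model an outbound NAT rule for the server is only needed if connections it opens itself should also appear to come from WANIP3.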

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.