1:1 NAT not working for outbound traffic after upgrade to 2.5.2-RELEASE
-
We have experienced a couple of firewalls that are sending traffic out the main IP on the WAN interface even when a 1:1 is configured. Inbound traffic is being NAT'd just fine. The fix for this has been to add an outbound NAT rule in as well. I don't believe this is normal behavior unless I missed something somewhere.
We just recently upgraded these firewalls from 2.4.5-RELEASE-P1 to 2.5.2-RELEASE.
Has anyone else experienced this?
-
@broncoman I just looked at one with this setup that is on 21.05, and traffic is going out on different IPs. They do have "Manual Outbound NAT" checked though. What is your outbound NAT setting?
Per the docs, "All traffic originating from that private IPv4 address going to the Internet will be mapped by 1:1 NAT to the public IPv4 address defined in the entry, overriding the Outbound NAT configuration."
-
Sorry for the late response, I ended up out of the office until today.
I use the Hybrid setting on all of my edge firewalls. This auto sets the NAT rules for all the internal networks and allows for custom rules that need to go out different IPs. I have been using pfSense this way for almost 10 years and remember having to do the outbound NAT a long time ago along with the 1:1, but that hasn't been an issue until now. I'm not seeing this on most of the firewalls either, so I may have a misconfiguration in there, or a policy route that I missed.