Netgate Discussion Forum

    Respond to NAT on additional WAN interface

    • wzkds

      Looking for a bit more assistance with an ongoing issue. Has to do with the failover WAN responding to the primary WAN's IP. Below is a bit of a network diagram to reference. Diagram.png

      So the network does get advertised out to ISP B when there is a failover and successfully routes out and back in, when ISP A goes down. The issue I'm running into is when trying to get back into anything that is set up with a port forward I get the pfSense GUI. Also run into the issue with outbound NAT. Is there a way to force it the secondary interface with the originating IP coming from the ISP A network? (example being 10.0.0.2 going out ISP B instead of showing as 192.168.1.2)

      • SteveITS Galactic Empire @wzkds

        @wzkds re: port forwards, you will need NAT rules on both interfaces (copy rule with destination of "WAN2 Address"). The only way someone outside would see the pfSense GUI is if port 443 is accessible from the WAN which I would not recommend.

        I am not sure I understand your outbound question, but traffic going out 192.168.1.x will need to use that subnet in order to talk to the 192.168.1.1 gateway. But the Internet shouldn't see either of those private IPs.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • wzkds @SteveITS

          @steveits I'm looking at not trying to use WAN2 address. I'm wanting to use the VIP assigned under the primary WAN. As I understand it, the VIP won't actually be affected unless the interface itself goes down?

          As for the outbound, it's a similar scenario, I'm wanting to use the same VIP regardless of the interface it's sent out. End result being, regardless of which interface is primary for sending out traffic, I want it to always be seen from a specific VIP that is associated to the 10.0.0.x network.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.