Automatic outbound NAT not working
-
I have two internet accesses connected to a Netgate 6100. The automatic outbound NAT doesn't work for the primary internet access. Also, the status on System/Routing remains on pending; the gateway and monitor IP should be assigned dynamically. But in the routing table it uses the gateway from my ISP on the primary internet access. To me it looks like there is an issue with my setup, in that the primary internet access interface is not considered as WAN.
Do you have any idea what to check or how to fix?
Thanks a lot
-
@em_gerber said in Automatic outbound NAT not working:
The automatic outbound NAT doesn't work for the primary internet access. Also, the status on System/Routing remains on pending; the gateway and monitor IP should be assigned dynamically.
Which internet connection is this?
Is there a modem / router in front of pfSense?
Or do you get the public IP on pfSense via DHCP or PPPoE or alike?
-
The pfSense is connected to a Zyxel AX7501-B0 which is in bridge mode. The Zyxel is connected to an XGS-PON fiber line.
The pfSense IPv4 WAN interface is configured as DHCP. I get the IP address via DHCP. That works. But I have to add the outbound NAT manually, and the gateway in routing is also missing for IPv4. This works for IPv6 (also via DHCP).
-
@em_gerber
If you get an IP and a gateway via DHCP, pfSense should add an outbound NAT rule if it's in automatic mode.
Check out Status > Interfaces.
-
@viragomann
This is not the case. The interface status looks good. I use the hybrid outbound NAT, but it doesn't autocreate outbound rules. I have to add it per LAN subnet as a manual configuration.
What I've seen now is that I don't have a Gateway IPv4 in the interface status. But I get this for my second WAN interface. Is the gateway calculated based on the subnet mask, or should I get it from my ISP?
-
@em_gerber said in Automatic outbound NAT not working:
The interface status looks good. I use the hybrid outbound NAT, but it doesn't autocreate outbound rules. I have to add it per LAN subnet as a manual configuration.
What I've seen now is that I don't have a Gateway IPv4 in the interface status
Without a gateway, the interface is not configured correctly. So it is not good.
As I mentioned above, the gateway is required for automatic outbound NAT configuration.
As you say, the WAN interface is configured by DHCP, so the gateway should also come from the DHCP server. If there is no gateway assigned to the interface, there must be something wrong with the DHCP. Maybe there are some conflicts.
So check out Status > System Logs > DHCP. Look for lines from DHCP client.
-
@viragomann
It's a little strange for me. If I check the DHCP logs I see the following:
Jun 15 21:47:49 dhclient 34113 New Routers (ix3): x.x.x.1
Jun 15 21:47:49 dhclient 34111 New Broadcast Address (ix3): x.x.x.255
Jun 15 21:47:49 dhclient 33878 New Subnet Mask (ix3): 255.255.254.0
Jun 15 21:47:49 dhclient 33850 New IP Address (ix3): x.x.x.254
Jun 15 21:47:49 dhclient 32208 DHCPREQUEST on ix3 to 255.255.255.255 port 67
But the interface status doesn't have a Gateway IPv4 entry.
Status up
DHCP up
MAC Address xx:xx:xx:xx:xx:xx
IPv4 Address x.x.x.254
Subnet mask IPv4 255.255.254.0
I receive the gateway in the DHCP logs (New Router). But it doesn't show up on the interface.
Any further idea?
-
@em_gerber
Search the "New Router" IP in the system log. Maybe there is a hint for the issue.
Is the gateway shown in Status > Gateways or in System > Routing > Gateways?
-
@viragomann
No entry with the IP address found in syslog.
Gateway isn't present. I have to add it manually.
I also have a second WAN interface, which works. But sometimes the status in System > Routing > Gateways changes to pending and stays in this status.
-
Just FYI. There is now a Redmine open for this bug https://redmine.pfsense.org/issues/13279