Netgate Discussion Forum

    Routing from BGP Network out through NAT

    Routing and Multi WAN
    • ComputingDon

      Currently running a nested NSX-T instance connecting BGP to pfSense. All of my networks that are not using BGP route out through the pfSense NAT with no problems. Routing from the BGP networks to the other networks works with no issues.
      When attempting to exit through the NAT from the BGP networks, though, the traffic stops at the pfSense interface. I saw traffic being blocked from the esx hosts by the default rule and created a rule, and I no longer see any blocked traffic for the esx hosts, but the traffic still stops at the pfSense interface. I'm not sure where to look for better insight or if there is a known solution to get the BGP networks to route out of the pfSense through the WAN interface.

      • Derelict LAYER 8 Netgate @ComputingDon

        @computingdon Are the source networks of the downstream routes matched in Firewall > NAT, Outbound so they get outbound NAT treatment?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • ComputingDon @Derelict

          @derelict Yes, the traffic reaches a .251.x network that is on the firewall and that is on the outbound NAT list.

          • Derelict LAYER 8 Netgate @ComputingDon

            @computingdon Then it will get outbound NAT.


            • ComputingDon @Derelict

              @derelict And it isn't though. The traffic stops at the pfSense interface and doesn't leave.

              • Derelict LAYER 8 Netgate @ComputingDon

                @computingdon You'll need to post details. The source address of the connection, the route back to it, the firewall rules passing that traffic when it enters pfSense, and the outbound NAT rules.


                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.