Netgate Discussion Forum

    Source URL alias not working in NAT

      silpertan

      I have a NAT rule I've been working with to forward external HTTPS requests to an internal server. When I omit any source address filtering from the NAT rule, it works as expected.

      Then I create 2 firewall URL aliases both using the Cloudflare IPv4 list:
      https://www.cloudflare.com/ips-v4
      One of the aliases is Type=URL (IPs) and the other is Type=URL Table (IPs).

      If I then modify the NAT rule to add one of these aliases as a source address filter:

      • using the table type continues working as expected,

      • but using the non-table type stops working altogether.

      All of this is done by just editing the same NAT rule and only changing the source fields from "Any" to "Address or Alias" and typing in the name of the alias. I can go back and forth between working and non-working conditions many times, so it's not a typo.

      I also noticed that the table alias shows up in the autocomplete drop-down list when typing the alias name, but the non-table alias does not. However, both of them display the list of IPs that were fetched from Cloudflare when I hover over the alias name in the list of active NAT rules.

      This rule used to work fine with the non-table URL alias. Unfortunately, it's not used heavily, so I'm not sure when it stopped working.

      I'm currently running pfSense+ 23.09.

      For now, I have a workaround, so I'm just sharing this in case others come across this. I'm also curious if somebody can point out something I'm doing wrong.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.