1:1 NAT outbound selection

  • I have two WAN interfaces, and a few servers. Each server has 2 1:1 NAT mappings, 1 for each WAN interface. For other client computers, I set the outbound WAN interface by creating a firewall LAN rule and setting the gateway. However, these rules have no effect on servers which have a 1:1 NAT mapping. It seems to be using the NAT mapping for the default WAN interface only. I want to use the 2nd WAN interface for some of the servers, or better yet, a failover pool. Whenever I try to create an outbound NAT rule for a LAN IP which has a 1:1 mapping, I get the error "A 1:1 NAT mapping overlaps with the specified target IP address."

  • 1:1 NAT applies to outbound traffic as well as to inbound traffic.
    –> Behind the scene a outbound NAT rule is created which you cannot change.

    Why are you using 1:1 NAT anyway? Do you really have that a large number of ports you want to forward?
    Are normal portforwards no option for you?
    Then you would have the possibility to write your own outbound rules. (you can have the same functionality of 1:1 NAT).

  • That works! I don't know why I didn't think of that. I did have a lot of ports to forward, but aliases make it a little simpler. I control which gateway is used for the servers with a LAN firewall rule like all the user systems now. I tried using outbound NAT rules, but it seemed to break everything as soon as I enabled it. I can't create firewall rules to use a virtual IP as the outgoing gateway. I guess I will keep a 1:1 NAT mapping for my mail server. Obviously the mail server needs to send mail from the IP which its domain resolves to, which I think was why I started using 1:1 NAT to begin with.

Log in to reply