Outbound NAT using Interface IP instead of VIP



  • I'm having some problems using a VIP for outbound NAT. For some reason the public IP shows up as the WAN Interface IP instead of the VIP configured in Advanced outbound NAT.

    By the ISP I'm given a single WAN IP and a range of public addresses on a different subnet than the WAN IP.

    pfSense config:
    WAN IP: 125.253.110.x
    LAN: 10.5.0.254
    OPT1: 192.168.0.3 (labeled PRIVATE)

    I've created a number of P VIPs for the public addresses:
    202.171.x.129/32
    202.171.x.130/32
    202.171.x.131/32
    202.171.x.132/32
    202.171.x.133/32
    202.171.x.134/32

    What I'm trying to achieve with NAT:
    NAT the entire PRIVATE (OPT1) network through one of the VIPs
    (There's a single 1:1 NAT to one of the IPs on OPT1 but not concerned about that. Just to provide all the info)

    On the LAN side there are a number of additional subnets configured (different wireless hotspots with their own subnet each).
    10.5.0.0/24
    10.5.1.0/24
    10.5.2.0/24
    10.5.3.0/24
    10.5.4.0/24
    10.5.16.0/24
    10.5.17.0/24

    At the moment I'm only testing connections from 10.5.0.0/24 and haven't worried about the other subnets. Static routes have been set up but are to be tested once the basics work.

    My outbound NAT rules are attached. The idea is to spread the outbound connections from the different LAN subnets over a few public IPs.

    When connected to OPT1 and checking my public IP (e.g. with whatsmyip.com) it correctly shows the VIP as per AoN.
    On the LAN side, however, a client (10.5.0.242) looks up the same page (whatsmyip.com) and it reports the WAN Interface IP instead of the VIP as per AoN.

    The state table correctly shows the translation between the LAN client and the VIP but for some reason the external web server sees the WAN Interface IP.

    I would appreciate any help as to how I misconfigured pfSense.
    ![NAT rules.jpg](/public/imported_attachments/1/NAT rules.jpg)

