Netgate Discussion Forum

    Outbound NAT using Interface IP instead of VIP

      atomar

      I'm having some problems using a VIP for outbound NAT. For some reason the public IP shows up as the WAN Interface IP instead of the VIP configured in Advanced outbound NAT.

      By the ISP I'm given a single WAN IP and a range of public addresses on a different subnet than the WAN IP.

      pfSense config:
      WAN IP: 125.253.110.x
      LAN: 10.5.0.254
      OPT1: 192.168.0.3 (labeled PRIVATE)

      I've created a number of P VIPs for the public addresses:
      202.171.x.129/32
      202.171.x.130/32
      202.171.x.131/32
      202.171.x.132/32
      202.171.x.133/32
      202.171.x.134/32

      What I'm trying to achieve with NAT:
      NAT the entire PRIVATE (OPT1) network through one of the VIPs
      (There's a single 1:1 NAT to one of the IPs on OPT1 but not concerned about that. Just to provide all the info)

      On the LAN side there are a number of additional subnets configured (different wireless hotspots with their own subnet each).
      10.5.0.0/24
      10.5.1.0/24
      10.5.2.0/24
      10.5.3.0/24
      10.5.4.0/24
      10.5.16.0/24
      10.5.17.0/24

      At the moment I'm only testing connections from 10.5.0.0/24 and haven't worried about the other subnets. Static routes have been set up but are to be tested once the basics work.

      My outbound NAT rules are attached. The idea is to spread the outbound connections from the different LAN subnets over a few public IPs.

      When connected to OPT1 and checking my public IP (e.g. with whatsmyip.com) it correctly shows the VIP as per AoN.
      On the LAN side, however, a client (10.5.0.242) looks up the same page (whatsmyip.com) and it reports the WAN Interface IP instead of the VIP as per AoN.

      The state table correctly shows the translation between the LAN client and the VIP but for some reason the external web server sees the WAN Interface IP.

      I would appreciate any help as to how I misconfigured pfSense.
      ![NAT rules.jpg](/public/imported_attachments/1/NAT rules.jpg)
