Netgate Discussion Forum

    1:1 NAT outbound using incorrect interface

    • obstler

      Hi,

      I have pfSense 1.2.3-release with two routers, each on its own network interface - wan and wan2. Each of the ISPs has 5 static IPs. For wan everything works fine with a couple of servers that are using 1:1 NAT. However, when I set up 1:1 NAT with an IP from wan2, outbound traffic is still being sent over wan instead of wan2, which causes all kinds of strange problems. I would have figured that a 1:1 IP mapped to the subnet of WAN2 would automatically go out the interface of WAN2, and I can't seem to find a way to make that happen.

      The reason for the 1:1 NAT in this case is that the machine has to use the specific public IP from WAN2 for outbound traffic, instead of the standard NAT IP from wan.

      Any ideas how to achieve this properly?

      Thanks!

      • GruensFroeschli

        I would stop using 1:1 NAT.

        With normal NAT rules, firewall rules and your own advanced outbound rules you can achieve what you describe.

        If you need more specifics, post more information about your setup, like IPs, the rules you already have, what you're trying to forward.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • obstler

          Thanks for offering to help, as I really don't know how I could achieve the same without 1:1 NAT.

          pfSense was/is working fine for the default one, and has been for a long time. I only recently added a second NIC and consolidated my second firewall into the one pfSense system. So therefore there really isn't any particular multi-WAN configuration yet. I just added wan2, set up a couple of proxy ARP virtual IPs on wan2 for testing, and have one static route for a subnet that needs to be routed out on wan2 instead of wan1.

          Now what I really want to achieve is that the system with the internal IP of 10.0.0.42 uses a specific public static IP of wan2 for all outbound connections, let's call it 1.2.3.4 (and sends packets out the wan2 connection). Therefore I set up 1:1 NAT for 10.0.0.42 to 1.2.3.4. When I now make outbound connections from this system it uses the 1.2.3.4 IP address, but sends out the packets on the default wan instead of wan2, which in turn causes problems, because the packets go out on wan and replies come back in on wan2.

          I don't have any other multi-WAN configuration, rules, load-balancing or failover configured, so maybe I'm missing some additional configuration that is needed, or just going about this the wrong way. I don't know how I could tell pfSense to use that specific wan2 public IP for outbound connections of internal 10.0.0.42 other than 1:1 NAT.

          Thanks for any help.

          • obstler

            Any more info on what to configure with 1:1 NAT to get it working correctly? Or if not possible with 1:1, how else to achieve the same result?

            Thanks!
