Netgate Discussion Forum

    Manual outbound nat mappings do not parse with enabled automatic outbound

    • Tele

      Scenario:

      Normally, I have 'Automatic outbound NAT rule generation (IPsec passthrough)' enabled. Now I want an extra outbound rule to force my outbound SMTP traffic through a specific virtual IP. After adding this rule, it doesn't get listed when I execute 'pfctl -s nat'.

      When I select 'Manual Outbound NAT rule generation', the rule does get added, but not all the rules from the automatic mode are duplicated. (And I'm not enthusiastic about adding all these rules manually ;) )

      Is this expected behaviour? I thought the manual mappings would also apply when 'Automatic outbound NAT' is selected :)

      • jimp Rebel Alliance Developer Netgate

        In order to use the Manual Outbound NAT rules, you must enable Manual Outbound NAT. That's always been the case; it's the expected behavior.

        • Tele

          Thanks, I misunderstood that bit. Is there a way to duplicate all the outbound NAT rules from the automatic mode to the list with manual mappings? I can list them with 'pfctl -s nat', but where to put them? When manual mode is selected, only one manual rule is automatically generated.

          • jimp Rebel Alliance Developer Netgate

            Do you have more than one internal interface?

            It's supposed to add a rule for each internal interface, but it doesn't automatically add the SIP/IPsec static port rules. You will have to put those in manually, and if you want to NAT for any incoming VPN clients you'd have to add those as well.

            • Tele

              Yes, I have multiple internal and external interfaces. I added the rules manually, and it works fine now. Thanks! :)

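One way to check the manual ruleset against what automatic mode had loaded, added here as an example and not code from the thread or from pfSense: save the output of `pfctl -s nat` once in each mode and list the rules that only the automatic capture contains, static-port rules first. The rule lines, interface name and addresses below are constructed samples, and the exact text `pfctl` prints on a given system is an assumption.

```python
import re

# Constructed sample captures of `pfctl -s nat` (documentation addresses,
# hypothetical interface name em0); real output will differ per system.
AUTO_MODE = """\
nat on em0 inet from 192.168.1.0/24 port = isakmp to any port = isakmp -> 198.51.100.2 static-port
nat on em0 inet from 192.168.1.0/24 to any -> 198.51.100.2 port 1024:65535
nat on em0 inet from 192.168.2.0/24 port = isakmp to any port = isakmp -> 198.51.100.2 static-port
nat on em0 inet from 192.168.2.0/24 to any -> 198.51.100.2 port 1024:65535
"""
MANUAL_MODE = """\
nat on em0   inet from 192.168.1.0/24 to any -> 198.51.100.2 port 1024:65535
nat on em0 inet proto tcp from 192.168.1.0/24 to any port = smtp -> 198.51.100.9 port 1024:65535
"""


def nat_rules(capture):
    """Return the set of nat rules in a capture, whitespace-normalised."""
    rules = set()
    for line in capture.splitlines():
        line = " ".join(line.split())
        if line.startswith("nat "):  # skips rdr, binat, "no nat" and blank lines
            rules.add(line)
    return rules


def missing_rules(auto_capture, manual_capture):
    """Rules loaded in automatic mode that the manual ruleset lacks."""
    missing = nat_rules(auto_capture) - nat_rules(manual_capture)
    # static-port rules sort first: the thread says manual mode does not
    # create them automatically, so they are the ones most easily forgotten
    return sorted(missing, key=lambda r: (not r.endswith("static-port"), r))


def source_of(rule):
    """Extract the source network that follows the 'from' keyword."""
    m = re.search(r"\bfrom (\S+)", rule)
    return m.group(1) if m else None


if __name__ == "__main__":
    for rule in missing_rules(AUTO_MODE, MANUAL_MODE):
        tag = "static-port" if rule.endswith("static-port") else "plain"
        print(f"[{tag}] source {source_of(rule)}: {rule}")
```
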