
    1:1 NAT in 2.0 Release, display incorrect IP on outbound connections

      grazman

      WAN Interface with public IP bound in a /29

      IP Alias (IF Alias) added as a single IP in the same /29 (subnet is /29).

      Set up WAN rules destination/IP port to my private IP I want to use for this alias.

      The issue I have is when the server behind NAT contacts the service it needs to use, it does so with the primary WAN IP instead of the virtual IP. 1:1 NAT should have told it to advertise

      I've tried with both proxy ARP and IF alias virtual IP types. I made sure the states were clear prior to sending outbound connections from behind NAT.

      Is there a secret to getting this to work?

        grazman

        I should see the ARP entry for the IP in the ARP tables on the firewall, but the only time I see them is when I use a VIP type "IP Alias".

        My outbound NAT type is manual and static port is selected. I might assume this is not an issue. Is it?

          chpalmer

          I have pretty much the same scenario here and it works as it should…

          At- System/Advanced/Firewall Nat/  make sure that "Disable reply-to" is not checked...

          I do not have outbound nat "static port" selected...

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            grazman

            @chpalmer:

            I have pretty much the same scenario here and it works as it should…

            At- System/Advanced/Firewall Nat/   make sure that "Disable reply-to" is not checked...

            I do not have outbound nat "static port" selected...

            That setting does nothing for me; in this particular instance I am not using multiple WAN interfaces. FWIW I see the same thing with 1.2.3, and think 1:1 NAT is not functional on AON and/or Static Port NAT in either version?

              grazman

              I created the IP as a virtual IP and not in 1:1 and then created NAT rules, and set the outbound NAT according to the need I had. It did work AFTER I rebooted the ISP modem in this fashion. I suspect it will also work in 1:1 as well. I feel like there should be a big fat sticky note somewhere on 1:1 and modems and ARP (as in sticky or note in the pfSense GUI)…

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.