1:1 NAT in 2.0 Release, display incorrect IP on outbound connections



  • WAN Interface with public IP bound in a /29

    IP Alias (IF Alias) added as single IP in same /29 (subnet is /29).

    Setup WAN rules destination/IP port to my private IP I want to use for this alias.

    The issue I have is when the server behind NAT contacts the service it needs to use, it does so with the primary WAN IP instead of the virtual IP. 1:1 NAT should have told it to advertise

    I've tried with both proxy ARP and IF alias virtual IP types. I made sure the states were clear prior to sending outbound connections from behind NAT.

    Is there a secret to getting this to work?



  • I should see the ARP entry for the IP in the ARP tables on the firewall, but the only time I see them is when I a VIP TYPE "IP Alias".

    My outbound NAT type is manual and static port is selected. I might assume this is not an issue. Is it?



  • I have pretty much the same scenario here and it works as it should…

    At- System/Advanced/Firewall Nat/  make sure that "Disable reply-to" is not checked...

    I do not have outbound nat "static port" selected...



  • @chpalmer:

    I have pretty much the same scenario here and it works as it should…

    At- System/Advanced/Firewall Nat/   make sure that "Disable reply-to" is not checked...

    I do not have outbound nat "static port" selected...

    That setting does nothing for me, in this particular instance I am not using multiple WAN interfaces. FWIW I see the same thing with 1.2.3, and think 1:1 NAT is not functional on AON and/or Static Port NAT in either version?



  • I created the IP as a virtual IP and not in 1:1 and then created NAT rules, and set the outbound NAT according to the need I had. It did work AFTER I rebooted the ISP modem in this fashion. I suspect it will also work in 1:1 as well. I feel like there should be a big fat sticky note somewhere on 1:1 and modems and ARP (as in sticky or note in the pfSense GUI)…

