Manual Outbound NAT in 2.0



  • Hey guys, I am just looking to get a little more information here about Manual Outbound NAT in pfSense 2.0. In 1.2.3 I would just switch to Manual Outbound, and create simple rules to allow NAT to each one of my OPT interfaces, and to set up static ports on my networks for game servers, etc. It was pretty simple. I go to enable Manual Outbound in 2.0 and pfSense just vomits up all these esoteric rules I have no knowledge of. I am a little confused on how to go about this.

    Should I just leave all those rules there, and proceed to create rules to NAT to my OPT interfaces/static port for game servers etc. as I normally would, or should I delete them and start over? If someone has some additional information or a link on the changes made to Manual Outbound NAT in 2.0 I would love to give it a read. Rules look like this: http://i.imgur.com/enQwK.jpg (there is more) Thanks in advance!



  • Looks like you have many duplicates, like you may have had rules in there before and then re-enabled with the new version. I would erase them all, switch to auto, then switch back and let it create the rules for existing networks. Or manually remove duplicates and go from there.



  • It is weird because I switch to Manual, delete them all, switch to Auto and then back to Manual, they all re-appear. They must be related to something, I just can't be sure what…



  • When you do that, it tries to create rules for all the different non-WAN interfaces (including PPTP and such). So just remove the duplicates and what you don't need and create what you do need.



  • Alright, thanks. This is what I have now:
    http://i.imgur.com/j6ldZ.jpg
    I am not sure what I am going to do about PPTP yet; not sure if the "remote address range" gets automatically sub-netted with a /28 anymore, but this should work for now, right? I was just confused as to why pfSense was auto-creating rules that made no sense to me, like rules for ISAKMP & rules like 127.0.0.0/8 port 1024:65535. ???



  • The ISAKMP may not be necessary if you are not running a VPN. The 127.0.0.1/8 NATs the local firewall traffic for things like package downloads, DNS lookup, and other firewall services that go to the internet. You might want to leave that one. I am not sure about the PPTP stuff. I have never used it.
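
The cleanup discussed in this thread can be checked mechanically. The following is an added example, not code from any poster or from pfSense: it flags outbound NAT rules that match identical traffic and notes the loopback and ISAKMP rules. The rule dictionaries, their field names and the addresses are constructed for illustration and are not pfSense's configuration format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rules (not read from the thread's screenshots).
# dport "*" means any destination port; static means "static port" is set.
RULES = [
    {"iface": "WAN", "src": "192.168.1.0/24", "dport": "500", "static": True},
    {"iface": "WAN", "src": "192.168.1.0/24", "dport": "*", "static": False},
    {"iface": "WAN", "src": "127.0.0.0/8", "dport": "*", "static": False},
    {"iface": "WAN", "src": "192.168.1.0/24", "dport": "500", "static": True},
    {"iface": "wan", "src": "192.168.1.1/24", "dport": "*", "static": False},
    {"iface": "WAN", "src": "10.0.8.0/24", "dport": "*", "static": False},
]

def rule_key(rule):
    """Traffic a rule matches: interface, normalized source network, port."""
    net = ipaddress.ip_network(rule["src"], strict=False)
    return (rule["iface"].upper(), str(net), rule["dport"])

def find_duplicates(rules):
    """Map each match key to the indexes of rules sharing it (2 or more)."""
    seen = defaultdict(list)
    for i, rule in enumerate(rules):
        seen[rule_key(rule)].append(i)
    return {k: v for k, v in seen.items() if len(v) > 1}

def review(rules):
    """Return one note per rule; the first rule of a duplicate set is kept."""
    extra = {i for idxs in find_duplicates(rules).values() for i in idxs[1:]}
    notes = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule["src"], strict=False)
        if i in extra:
            notes.append("duplicate: remove")
        elif net.is_loopback:
            notes.append("keep: NATs the firewall's own traffic")
        elif rule["dport"] == "500" and rule["static"]:
            notes.append("ISAKMP static port: may be unneeded without a VPN")
        else:
            notes.append("keep if this network needs outbound NAT")
    return notes

if __name__ == "__main__":
    for i, note in enumerate(review(RULES)):
        print(i, rule_key(RULES[i]), "->", note)
```

Source networks are normalized before comparison, so a rule entered as 192.168.1.1/24 is still recognized as a duplicate of one for 192.168.1.0/24.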

