<![CDATA[Am I missing an outbound NAT rule?]]>

<![CDATA[Am I missing an outbound NAT rule?]]>In my testing configuration, LAN is 192.168.11.0/24, and WAN is 192.168.0.0/24. See the attached pictures for configuration details. Basically, I want to be able to forward from 192.168.0.202:80 (a CARP IP address) to 192.168.11.4:80. The web server is definitely running, because it serves pages on its 192.168.11.4 address. Its firewall is set to allow all traffic. For instance, I can telnet from pfsense to 192.168.11.4:80.

On the web server, I can run tcpdump -i any -w 80.pcap 'tcp port 80', which yields 2 incoming "HTTP [SYN]" packets, and no outbound traffic. This is also exactly the traffic the MASTER pfsense router sees. The slave sees no port 80 traffic, as you would expect.
![firewall forwarding.png](/public/imported_attachments/1/firewall forwarding.png)
![firewall forwarding.png_thumb](/public/imported_attachments/1/firewall forwarding.png_thumb)
![firewall outbound.png](/public/imported_attachments/1/firewall outbound.png)
![firewall outbound.png_thumb](/public/imported_attachments/1/firewall outbound.png_thumb)
![firewall rules.png](/public/imported_attachments/1/firewall rules.png)
![firewall rules.png_thumb](/public/imported_attachments/1/firewall rules.png_thumb)
![firewall virtual ip.png](/public/imported_attachments/1/firewall virtual ip.png)
![firewall virtual ip.png_thumb](/public/imported_attachments/1/firewall virtual ip.png_thumb)

routes.png_thumb
![web server packet capture.png](/public/imported_attachments/1/web server packet capture.png)
![web server packet capture.png_thumb](/public/imported_attachments/1/web server packet capture.png_thumb)
![carp status.png](/public/imported_attachments/1/carp status.png)
![carp status.png_thumb](/public/imported_attachments/1/carp status.png_thumb)

]]>https://forum.netgate.com/topic/45054/am-i-missing-an-outbound-nat-ruleRSS for NodeWed, 22 Apr 2026 20:36:07 GMTThu, 17 May 2012 17:14:52 GMT60<![CDATA[Reply to Am I missing an outbound NAT rule? on Thu, 17 May 2012 17:40:24 GMT]]>This turned out to be a problem due to the web server having an interface on the 192.168.0.0/24 network. Taking that interface down allowed packets to flow freely, how they were meant to.

]]>https://forum.netgate.com/post/336975https://forum.netgate.com/post/336975Thu, 17 May 2012 17:40:24 GMT