4. [BUG] Disabled Outbound NAT entry does not appear grayed out

[BUG] Disabled Outbound NAT entry does not appear grayed out

  • L

    For normal NAT rules and FW rules, if you disable the rule, the entry in the list appears as grayed out by changing the text to gray. This is not the case with Outbound NAT rules. In order to see if the rule is disabled, you must click to edit and look at the check box at the top. Please fix this issue to be consistent with other "disabled" behaviors.

    0
  • C

    It's not possible to disable outbound NAT entries at this time. Guessing you're referring to "do not NAT", that doesn't disable the rule, it doesn't NAT on that rule. It's correct as is.

    0
  • L

    I guess I don't understand the difference between "Do not NAT" and "Disable NAT rule". Either terminology still sounds like the rule will not be implemented.

    0
  • Rebel Alliance Developer Netgate

    "Do not NAT" is an exception to the other rules.
    "Disable" would make the rule inactive.

    Do not NAT on WAN from x.x.x.Z/32 to any
    NAT on WAN from x.x.x.0/24 to any

    That would do NAT for all items in x.x.x.0/24 except for x.x.x.Z which would not get NAT applied.

    If the rule were disabled, it would fall through to the second rule and still get NAT, which is not what was desired there.

    Eventually there should be a "disable" checkbox on that screen too but it doesn't exist yet (I thought there was a feature request ticket open for that already).

    0
  • L

    @jimp:

    "Do not NAT" is an exception to the other rules.
    "Disable" would make the rule inactive.

    Do not NAT on WAN from x.x.x.Z/32 to any
    NAT on WAN from x.x.x.0/24 to any

    That would do NAT for all items in x.x.x.0/24 except for x.x.x.Z which would not get NAT applied.

    If the rule were disabled, it would fall through to the second rule and still get NAT, which is not what was desired there.

    Eventually there should be a "disable" checkbox on that screen too but it doesn't exist yet (I thought there was a feature request ticket open for that already).

    Ahhhh. Now I understand (lightbulb!). So if my default Outbound NAT is x.x.x.0/24 with the "Do not NAT" on x.x.x.25/32, then I wonder what x.x.x.25 will get NAT-ed to and if outbound traffic will work properly (I'm not wanting to test on a live server). Will the outbound IP be x.x.x.25?

    0
  • Rebel Alliance Developer Netgate

    If no NAT is applied, the source address is left alone.

    Most people would never need such a rule, but there are some out there that do. It's sometimes more useful to "do not nat" based on the destination rather than the source.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy