Outbound NAT Issue

  • Hi all,

    New to pfSense and the forum so apologies if this is a daft question.

    I have a pfSense box with 2 WANs and 3 LANs (1 main, 2 VLANs, all on the same interface).

    WAN 1 has 5 static IPs which I have configured as Virtual IPs. The main interface IP is assigned using DHCP from the ISP, and the static IPs are then routed to that.
    WAN 2 has a single static IP which is assigned by DHCP from the ISP.
    Both WAN connections are PPPoE.

    I have made Outbound NAT rules as follows:

    The first 2 of those rules work beautifully. The last rule doesn't work at all. If I set ANY rule to go out on WAN_2 Interface Address, then whatever is on the source does not get an internet connection at all.

    It seems like there is a problem with that interface, but both gateways are present and up, and a traceroute using that interface going out to Google's IP works just fine.

    I have no doubt there is something simple that I'm missing here but for the life of me cannot figure out what!

    Any help would be most appreciated!

    Thanks in Advance.

  • I have an update here. Still baffled though.

    I have found that if I change the system's default gateway (under System > Routing > Gateways) to WAN 2, then the outbound NAT rule for WAN 2 begins to work, but the other rules for WAN 1 stop working!

    What am I missing?

  • I feel that perhaps what is happening is that the outbound NAT rule is trying to route traffic to the default gateway that is set on pfSense. This gateway is obviously not reachable as the traffic is told to go out via WAN 2, but is trying to use the gateway assigned to WAN 1.

    Is there somewhere that I need to specify that anything going out on this rule must use the WAN 2 gateway, and not the system default?

  • Ok, I've made some progress. Maybe this is the solution I've been looking for, not sure.

    Alongside the outbound NAT rule, I changed the Firewall Rule for the Lab_VLAN interface to send traffic out of the specific gateway for WAN 2. This is the rule that's labelled 'Default allow LAN to any'. I just set the gateway to WAN 2 in the advanced section and that's done the trick.

    It seems odd to me that I have to set this, as I would expect that if an outbound NAT rule is set to flow the traffic out of WAN 2, then it should figure out to use the gateway from WAN 2, and not try to send the traffic to an unreachable gateway!

    Still, sorted now. Hope this helps anyone that had the same trouble.

  • You are right on your last post. The outbound NAT rules do not force traffic to go through a gateway, you would need to specify it on the firewall rules ;)
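The order of operations the last two posts describe (route first, then match outbound NAT rules only on the interface the packet is actually leaving) is the whole story here. The following is an added example, not code from the thread or from pfSense: a small Python model of that pipeline, run against the three configurations the original poster tried. All interface names, subnets and public addresses are made up for illustration (RFC 5737 test ranges for the WAN side), and the model ignores gateway monitoring, reply-to and rule ordering details that real pf has.

```python
"""Toy model of pf's order of operations on a multi-WAN pfSense box.

Added example, not from the forum thread or pfSense itself. It shows why an
outbound NAT rule bound to WAN2 never fires unless the packet is first routed
out WAN2: the routing decision (system default gateway, or a policy route set
in the LAN firewall rule's Gateway field) chooses the egress interface, and
only then are the outbound NAT rules *for that interface* consulted.

Roughly the pf rules involved (illustrative, not copied from a real box):
    nat on $WAN2 from 192.168.20.0/24 to any -> 198.51.100.2
    pass in quick on $LAB_VLAN route-to ($WAN2 198.51.100.1) from 192.168.20.0/24 to any
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class NatRule:
    interface: str      # egress interface the outbound NAT rule is bound to
    source: str         # CIDR the rule matches on
    translate_to: str   # public address the source is rewritten to


@dataclass
class FirewallRule:
    interface: str                  # LAN-side interface the pass rule sits on
    source: str
    gateway: Optional[str] = None   # Gateway field (policy route) or None = default route


@dataclass
class Box:
    default_wan: str
    fw_rules: list = field(default_factory=list)
    nat_rules: list = field(default_factory=list)

    def egress_interface(self, ingress: str, src: str) -> str:
        """Step 1, routing: a matching pass rule with a Gateway set overrides the default."""
        for r in self.fw_rules:
            if r.interface == ingress and r.gateway and ip_address(src) in ip_network(r.source):
                return r.gateway
        return self.default_wan

    def outbound_nat(self, egress: str, src: str) -> Optional[str]:
        """Step 2, NAT: only rules bound to the chosen egress interface are evaluated."""
        for n in self.nat_rules:
            if n.interface == egress and ip_address(src) in ip_network(n.source):
                return n.translate_to
        return None

    def send(self, ingress: str, src: str) -> dict:
        egress = self.egress_interface(ingress, src)
        nat = self.outbound_nat(egress, src)
        # With no matching NAT rule the RFC 1918 source leaves untranslated and the
        # ISP drops it: the "no internet connection at all" symptom from the thread.
        return {"egress": egress,
                "src_after_nat": nat or src,
                "leaks_private": nat is None and ip_address(src).is_private}


def scenario(default_wan: str, policy_route_lab: bool) -> dict:
    """One LAN NATed out WAN1, one lab VLAN NATed out WAN2 (made-up addresses)."""
    box = Box(default_wan=default_wan)
    box.nat_rules = [
        NatRule("WAN1", "192.168.1.0/24", "203.0.113.10"),    # WAN1 virtual IP
        NatRule("WAN2", "192.168.20.0/24", "198.51.100.2"),   # WAN2 interface address
    ]
    box.fw_rules = [
        FirewallRule("LAN", "192.168.1.0/24"),
        FirewallRule("LAB_VLAN", "192.168.20.0/24",
                     gateway="WAN2" if policy_route_lab else None),
    ]
    return {"lan": box.send("LAN", "192.168.1.10"),
            "lab": box.send("LAB_VLAN", "192.168.20.10")}


if __name__ == "__main__":
    print("first post   :", scenario("WAN1", policy_route_lab=False))
    print("second post  :", scenario("WAN2", policy_route_lab=False))
    print("fixed        :", scenario("WAN1", policy_route_lab=True))
```

Running it reproduces the thread: with WAN1 as default and only a NAT rule on WAN2, lab traffic is routed out WAN1 where no rule matches, so it leaves with its private source and dies; flipping the default gateway to WAN2 just moves the problem to the LAN subnet; setting the Gateway on the lab VLAN's pass rule routes the packet out WAN2 first, and only then does the WAN2 NAT rule see it. That is why, on a multi-WAN pfSense box, the egress choice belongs in the firewall rule (policy routing) and the outbound NAT rule only describes what to do once the packet is on that interface.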
