Netgate Discussion Forum

    Outbound nat issue

      jeffreysmith

      I am trying to mimic an old Cisco firewall configuration which used to send all traffic out on a specific IP address (xxx.xxx.xxx.61/27).

      We have a server set up with 1:1 inbound NAT on IP (195.xxx.xxx.58/27):

      Disabled: unticked
      Interface: WAN
      External Subnet IP : 195.xxx.xxx.58
      Internal IP:
                type: Single host
                Address: 10.x.x.149
      Destination : any
      NAT Reflection : Use system Default ( this is disabled)

      Outbound NAT is set to manual, and the catch-all rule at the bottom of the list of rules is:

      Do Not Nat: unticked
      Interface: WAN
      Protocol : any
      Source:
            Type: Network
            Address: 10.x.x.x / 20 (this is the whole of our internal LAN range)
          SourcePort: Blank
      Destination: any
      translation :
            Address: 195.xxx.xxx.61
            Port: blank
            Static-port: unticked
      no xmlrpc Sync: unticked

      When I try to ssh out from the internal host 10.x.x.149 it shows as coming from the external 195.xxx.xxx.58 address. When I try "wget -qO- http://ipecho.net/plain" from the internal host it is showing 195.xxx.xxx.61.

      Any ideas what I have done wrong here?

        jeffreysmith

        My guess for this is that 1:1 NAT takes precedence over the outbound NAT Rules and passes all the traffic for this server out on 195.xxx.xxx.58.

        I changed this from a 1:1 NAT to port forward just ssh and it seems to be routing all traffic out of 195.xxx.xxx.61.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.