Netgate Discussion Forum

    How can I see the Outbound NAT rules that are automatically created?

      silverado

      I have set up an OpenVPN server on pfSense and almost everything works fine except for the fact that roadwarriors do not have access to the internet via the VPN tunnel. They can use my LAN resources but they cannot connect to any internet site, neither by name nor by IP address (so it is not a DNS problem).

      I have found out that this has to do with the Settings in Firewall > NAT > Outbound.

      When I choose "Automatic outbound NAT rule generation" it solves the issue and the connected OpenVPN-Clients can surf the Internet via the VPN-Tunnel.

      But for some reasons I have to use "Manual Outbound NAT rule generation".  The problem is that I cannot figure out what rule I have to create that allows remotely connected OpenVPN-clients connected to my pfSense box to use my WAN connection in order to surf the internet.

      So my questions are:

      1. Is there a way I can see what rules are automatically created when "Automatic outbound NAT rule generation"  is active?

      2. Or can you give me hints what rule(s) I have to create for outbound NAT to solve my problem?

      :) Seems that I just found it out myself: I added an outbound NAT-rule for the WAN interface with 10.8.0.0/24 (this is my tunnel network) as source with the WAN Address as NAT Address and now my roadwarriors can surf through the tunnel. I am quite sure that I tested this rule a hundred times before without any success. But now it works. Very strange…

        jimp Rebel Alliance Developer Netgate

        For others that are curious, while you're on Automatic Outbound NAT, you can see the automatic rules using Diagnostics > Command:

        grep tonatsubnets /tmp/rules.debug
        

        On pfSense 2.2 the automatic rules are listed even when you're in automatic mode so that won't be necessary.

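An added example, not part of either post above: a Python check, run on saved output of the grep command from the reply, that lists the source networks automatic outbound NAT covers and reports whether the tunnel network from the first post (10.8.0.0/24) falls inside one of them. The sample text, its exact line layout, the WAN address and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of the grep output; the line layout is an assumption
# and the WAN address is a documentation-range placeholder.
SAMPLE_RULES = '''\
tonatsubnets = "{ 127.0.0.0/8 192.168.1.0/24 }"
nat on $WAN from $tonatsubnets to any -> 203.0.113.10/32 port 1024:65535
'''


def nat_source_networks(rules_text):
    """Collect the networks inside { ... } on lines that define tonatsubnets."""
    networks = []
    for line in rules_text.splitlines():
        match = re.search(r"\{([^}]*)\}", line)
        if "tonatsubnets" not in line or match is None:
            continue  # nat rules only reference the list; they carry no braces
        for token in match.group(1).replace(",", " ").split():
            try:
                networks.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                pass  # skip anything that is not an address or CIDR
    return networks


def covering_networks(rules_text, tunnel_cidr):
    """Return the NAT source networks that fully contain tunnel_cidr."""
    tunnel = ipaddress.ip_network(tunnel_cidr, strict=False)
    return [
        net for net in nat_source_networks(rules_text)
        if net.version == tunnel.version and tunnel.subnet_of(net)
    ]


if __name__ == "__main__":
    tunnel = "10.8.0.0/24"  # tunnel network named in the first post
    hits = covering_networks(SAMPLE_RULES, tunnel)
    if hits:
        print(f"{tunnel} is covered by {', '.join(map(str, hits))}")
    else:
        print(f"{tunnel} is not among the automatic NAT sources")
```

Containment is checked rather than string equality, so a wider source such as 10.8.0.0/16 counts as covering the tunnel network.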