4. Cannot get it right: mixing AON with 1:1 mappings

Cannot get it right: mixing AON with 1:1 mappings

  • P

    Hi,

    I have a dual wan setup (load balancing) with its AON rules working aparently fine for internal reserved-networks addresses in the LAN.

    I also have several NAT 1:1 mappings from public virtual ips (Ip Alias) on one WAN interface to several internal LAN (reserved-network)  IPs.

    Here's where I'm not sure if I'm getting it right, or funky things are taking place: I understand 1:1 nat will take care of outgoing connections by setting the source address to the public IP, e.g.

    WAN pu.bli.c.ip 
    IP Alias pu.bli.c.ip < –- > 192.168.1.3

    All ips but 192.168.1.3 will get natted for outgoing connections to the internet, so that they will look as if they were coming from WAN pu.bli.v.ip
    192.168.1.3 due to its 1:1 nat should make its source address  'IP Alias pu.blic.ip' on outgoing connections.

    So, should a NO NAT rule be placed (AFAIK it should be the last??? am I wrong??) so that NO NAT is done if source address is 192.168.1.3??? where? before or after the regular outbound NAT rule for all the regular internal IPs??

    I tried several configs and is funny for 192.168.1.3 some connections are natted correctly using "IP Alias pu.bli.c.ip" but some don't, and get natted through any of the 2 WAN NAT rules.

    Yes, I did reset states between changes.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy