    Failover and 1:1 NAT

    Routing and Multi WAN

      glanc

      Hi! What type of configuration do I have to do (in case it is possible) after I've successfully created a failover with dual WAN, when I have a host on my LAN that is mapped using a 1:1 NAT configuration? When the primary line goes down, this machine can ping an internet IP address and trace routes show that WAN2 is taking the place of the primary WAN, but browsing does not work. Is it just a matter of placing a second 1:1 NAT mapping to use a public IP address from the WAN2 pool? Thanks.

        dotdash

        AFAIK, you cannot use 1:1 NAT with multiple WANs. Port forwards on both WANs and advanced outbound NAT rules will work, and come close to the functionality of a 1:1.

          glanc

          Ok, so to let a single host always use the same public IP I can use an entry in advanced outbound NAT instead of 1:1 NAT. But can I make two entries, one for each public subnet of WAN1/WAN2, so that when WAN1 fails over to WAN2, the host uses the other mapping with a public IP from the WAN2 pool?

            glanc

            I've set up advanced outbound NAT, VIP and port forward to connect to the same internal host, using both WANs with the proper public IP. But I cannot connect to the host from outside using the WAN2 public IP configured as a VIP. I've configured two advanced outbound NAT entries, each one with a public IP from the respective WAN's pool.

            Any suggestions?

              sai

              What about firewall rules? You need firewall rules on WAN2 also.

                dotdash

                I've done this lots of times, it should just work.
                Here are a couple of things to double-check:
                VIPs are added to correct interface.
                AON references WAN2 and WAN2 VIP
                AON rules for host are before rules for subnet
                Port forward has correct interface and VIP
                Firewall rule allowing traffic on correct interface (should be auto-created)

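dotdash's checklist above, expressed as a check over a simplified rule model. This is an added example, not part of the thread and not pfSense code; the dictionary field names, the addresses and the top-down, first-match model of outbound NAT are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. Field names are hypothetical, not pfSense's config.xml schema.
HOST = "192.168.1.50"
CONFIG = {
    "vips": [{"ip": "198.51.100.10", "interface": "WAN1"},
             {"ip": "203.0.113.10", "interface": "WAN2"}],
    "outbound_nat": [  # modelled as top-down, first match wins
        {"interface": "WAN1", "source": "192.168.1.50/32", "translate_to": "198.51.100.10"},
        {"interface": "WAN2", "source": "192.168.1.50/32", "translate_to": "203.0.113.10"},
        {"interface": "WAN1", "source": "192.168.1.0/24", "translate_to": "198.51.100.2"},
        {"interface": "WAN2", "source": "192.168.1.0/24", "translate_to": "203.0.113.2"},
    ],
    "port_forwards": [{"interface": "WAN1", "dest": "198.51.100.10", "target": HOST},
                      {"interface": "WAN2", "dest": "203.0.113.10", "target": HOST}],
    "firewall_rules": [{"interface": "WAN1", "dest": HOST},
                       {"interface": "WAN2", "dest": HOST}],
}


def check_host(cfg, host, wan):
    """Return the checklist items that fail for `host` on interface `wan`."""
    problems = []
    vips = {v["ip"] for v in cfg["vips"] if v["interface"] == wan}
    if not vips:
        problems.append(f"no VIP bound to {wan}")
    # Outbound NAT: find the first rule on this WAN whose source covers the host.
    addr = ipaddress.ip_address(host)
    hit = next((r for r in cfg["outbound_nat"] if r["interface"] == wan
                and addr in ipaddress.ip_network(r["source"])), None)
    if hit is None:
        problems.append(f"no outbound NAT rule for host on {wan}")
    elif ipaddress.ip_network(hit["source"]).num_addresses > 1:
        problems.append(f"subnet outbound NAT rule matches host first on {wan}")
    elif hit["translate_to"] not in vips:
        problems.append(f"outbound NAT on {wan} does not use a {wan} VIP")
    forwards = [p for p in cfg["port_forwards"]
                if p["interface"] == wan and p["target"] == host]
    if not any(p["dest"] in vips for p in forwards):
        problems.append(f"no port forward on {wan} from a {wan} VIP to host")
    # The pass rule is modelled as matching the internal address after NAT.
    if not any(f["interface"] == wan and f["dest"] == host for f in cfg["firewall_rules"]):
        problems.append(f"no firewall rule on {wan} allowing traffic to host")
    return problems


if __name__ == "__main__":
    for wan in ("WAN1", "WAN2"):
        print(wan, check_host(CONFIG, HOST, wan) or "checklist passes")
```

Running the check once per WAN shows which checklist item is missing on the failover side, which is where the thread's problem appeared.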
                  glanc

                  Thanks a lot dotdash! I double-checked all the steps, and now it works perfectly! This is my 4th pfSense deployment, and I think that I'm going to replace all of my customers' Linux-based firewalls, because I think that pfSense deserves it. Cya
