    How to create a Virtual IP address pool for use with outbound NAT?

      hefferbub last edited by

      For my network of 100 homes, I want to have the outbound traffic on the WAN distributed among a small set of IP addresses, rather than all of them using the default address of the WAN interface.

      This is described in the docs at https://doc.pfsense.org/index.php/Outbound_NAT, and I'm told that IP Alias type virtual IPs (VIPs) are the way to do this, but the docs don't say how a pool of them is actually created/configured.

      I can see how to create the individual VIPs (one IP address at a time), but I don't see how to create one VIP that includes a group of addresses nor how to group individual VIPs into a pool so they can be referenced when creating outbound NAT rules.

      Can anyone point me in the right direction?  I'm running V2.2.3 NanoBSD.

      Thanks,

      Jeff

        KOM last edited by

        I've never done what you're attempting, but I would think you have to create the virtual IPs manually, then either create the outbound NAT mappings one-by-one where you associate the specific LAN IP with one of your virtual IPs (so you would have an outbound NAT rule for every home), or create aliases and add your LAN IPs to them to group them, e.g. 10x10, 20x5 etc., and then use those aliases in your outbound NAT rules (so you would need one outbound NAT rule for every LAN IP alias). I don't remember if you can use aliases for outbound NAT or not, so that's why I listed the two approaches I could think of.

          jdp0418 last edited by

          I do this on several firewalls.  It is pretty easy to do.

          First, create the virtual IPs.  In my case, I have a /24 that I use most of for a round robin NAT pool.  I proxy ARP these IPs.  The /24 is subnetted into smaller blocks so I can carve out the other IPs I need for other services.

          Then just create outbound NAT rules.

          Remember to set the pool options in the rule, such as round robin, RR w/ sticky address, etc…

          ![nat outbound alias.PNG](/public/imported_attachments/1/nat outbound alias.PNG)
          ![nat blocks alias.PNG](/public/imported_attachments/1/nat blocks alias.PNG)

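A model of the setup described in the last post (a /24 carved into blocks, some kept for other services, the rest used as a round robin pool with or without sticky address), added here as an example and not taken from any post in this thread. The addresses are documentation ranges, `em0` and all function names are assumptions, and `translate` is a simplified model of pool rotation, not pf itself.

```python
import ipaddress
from itertools import cycle

def carve_pool(parent, reserved):
    """CIDR blocks of `parent` left once each `reserved` block is removed."""
    remaining = [ipaddress.ip_network(parent)]
    for res in map(ipaddress.ip_network, reserved):
        kept = []
        for block in remaining:
            if res.subnet_of(block):        # reserved sits inside: split around it
                kept.extend(block.address_exclude(res))
            elif not block.subnet_of(res):  # unrelated block: keep unchanged
                kept.append(block)
        remaining = kept
    return sorted(remaining)

def translate(connections, pool_blocks, sticky):
    """Model round robin source NAT; `sticky` pins each source to its first pick."""
    rotation = cycle(addr for block in pool_blocks for addr in block)
    pinned, out = {}, []
    for src in connections:
        if sticky and src in pinned:
            addr = pinned[src]
        else:
            addr = next(rotation)
            pinned[src] = addr
        out.append((src, str(addr)))
    return out

def pf_nat_rule(iface, lan, pool_blocks, sticky=True):
    """A single rule listing every pool block, in FreeBSD pf.conf(5) NAT syntax."""
    opts = "round-robin sticky-address" if sticky else "round-robin"
    pool = ", ".join(str(b) for b in pool_blocks)
    return f"nat on {iface} inet from {lan} to any -> {{ {pool} }} {opts}"

# Constructed sample data: documentation ranges and a hypothetical interface name.
POOL = carve_pool("198.51.100.0/24", ["198.51.100.0/28", "198.51.100.240/28"])
HOMES = ["10.0.0.1", "10.0.0.2", "10.0.0.1", "10.0.0.3", "10.0.0.1"]

if __name__ == "__main__":
    print(pf_nat_rule("em0", "10.0.0.0/24", POOL))
    for sticky in (False, True):
        label = "sticky" if sticky else "plain "
        print(label, translate(HOMES, POOL[:1], sticky))
```

With plain round robin the home at 10.0.0.1 leaves from three different public addresses across its three connections; with sticky address it keeps one, which matters when matching an external abuse report or log entry back to a single home.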