Do 127.0.0.0/8 rules need to be duplicated?



  • For OpenVPN, the NAT rule:

    Interface: WAN
    Source: 192.168.1.0/24
    Source Port: *
    Destination: *
    Destination Port: *
    NAT Address: WAN Address
    NAT Port: *
    Static Port: No
    

    needs to be duplicated and changed to:

    
    Interface: VPN
    Source: 192.168.1.0/24
    Source Port: *
    Destination: *
    Destination Port: *
    NAT Address: VPN Address
    NAT Port: *
    Static Port: No
    
    

    My question is, does the NAT rule:

    Interface: WAN
    Source: 127.0.0.0/8
    Source Port: *
    Destination: *
    Destination Port: *
    NAT Address: WAN Address
    NAT Port: *
    Static Port: No
    

    need to be duplicated and changed to:

    
    Interface: VPN
    Source: 127.0.0.0/8
    Source Port: *
    Destination: *
    Destination Port: *
    NAT Address: VPN Address
    NAT Port: *
    Static Port: No
    
    


  • This depends on whether you route traffic from pfSense itself (e.g. DNS lookups, updates) through the VPN or not. If this traffic is also routed through the VPN, you'll need that rule.



  • I do route DNS lookups through it and I did not set up the 127.0.0.0/8 rule and it's working fine.
    I'm using Hybrid Outbound NAT and just added the LAN Subnet.