Multi WAN, NAT with IP Pools, Policy routing



  • Hi all,

    I've been battling the last few days with some issues, first my setup, I have multi WAN(5), each WAN has /28 so I'm using NAT IP pooling.

    I have an alias that groups all public IP's from a particular IPTV provider, this provider does not like seeing requests come from multi IP addresses. So I send that alias out an interface that has 1 IP assigned only, this is fine when using one IP address on the WAN, but the moment I enable the NAT IP POOL I have issues with the IPTV service. So the question is, how can I have the NAT IP POOL enabled AND be able to send that alias to use only 1 particular IP on the given interface? I can set the gateway but this doesn't make the public IP being used static…and setting the IP POOL to "sticky" option does not help as when the state expires the IPTV users have to reload their boxes. Can I use policy routing? I've had a look can't find the answer specific to my problem. I know you can specify outgoing public IP in outbound NAT but outbound NAT doesn't allow you to select an Alias as the source. Can I perform some packet matching rule to accomplish this? How?

    thanks



  • bump, please does anyone know if this is possible, and if so, how?



  • I'm really struggling with this, I've got IP NAT POOLING but for one of my fiber optic connections I have no choice but to NAT to interface address. I have a rule that send all traffic destined for a group of external IP's (created an Alias for this) to this fiber optic, it works perfectly until I change the NAT to use an IP POOL with "sticky" option selected, I tried setting the firewall setting to "conservative" for the connection states, but this doesn't help.

    All the traffic destined for this group of external IP's all have to originate from the same source IP address, it's a TV system and even though the states and IP pooling are sticky it fails miserably until I change the NAT to use only one interface IP.

    Is there any way I can set a rule for an Alias to use only one interface IP address and still keep the IP pooling working for all other traffic?

    I'm really loving my pfsense box, unfortunately if I can't get this working I'm going to have to revert back to a Mikrotik where I can use PCC and packet marking, I really loath the Mikrotik…please help!


Log in to reply