Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Feature Request: Easy option to except "Perimeter" range of public IPs from NAT
« previous
next »
Print
Pages: [
1
]
Author
Topic: Feature Request: Easy option to except "Perimeter" range of public IPs from NAT (Read 3618 times)
Ciprian
Sr. Member
Posts: 284
Karma: 50
Feature Request: Easy option to except "Perimeter" range of public IPs from NAT
«
on:
June 09, 2017, 12:56:33 pm »
Request: Starting with the introduction of Quagga, and especially for BGP use cases, please add an easy option to except from NAT the advertised IP(s)/ IP range(s) in BGP (or custom), an option easier than the now mandatory workaround to change from Auto NAT to Manual NAT, and then add manual NAT exception rules for that IP range(s).
Scenario: I have two ranges of public IP addresses set to servers (Web, OWA, Public authoritative DNS, SMTP etc.) on the "Perimeter" interface. Without excepting NAT for this interface/ IP ranges, al sort of problems arise, one example being getting marked as SPAM SMTP service on anti-SPAM public services, because the source public IP address is not the public IP of the server itself, but the public WAN IP the ISP gave me to be set on his WAN (obviously), NAT being done by default on all and every non-WAN interfaces.
Reason: I don't want to set NAT on manual mode because I want to keep the auto generation of NAT rules for creating/ changing/ deleting internal LAN and VLAN interfaces.
PS Adding a "Null" Route in "System" -> "Routes" didn't solve the issue.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Feature Request: Easy option to except "Perimeter" range of public IPs from NAT