OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Feature Request: Easy option to except "Perimeter" range of public IPs from NAT
« previous next »
  • Print
Pages: [1]

Author Topic: Feature Request: Easy option to except "Perimeter" range of public IPs from NAT  (Read 2286 times)

hutiucip

  • Sr. Member
  • ****
  • Posts: 284
  • Karma: 49
    • View Profile
Feature Request: Easy option to except "Perimeter" range of public IPs from NAT
« on: June 09, 2017, 12:56:33 pm »
Request: Starting with the introduction of Quagga, and especially for BGP use cases, please add an easy option to except from NAT the advertised IP(s)/ IP range(s) in BGP (or custom), an option easier than the now mandatory workaround to change from Auto NAT to Manual NAT, and then add manual NAT exception rules for that IP range(s).

Scenario: I have two ranges of public IP addresses set to servers (Web, OWA, Public authoritative DNS, SMTP etc.) on the "Perimeter" interface. Without excepting NAT for this interface/ IP ranges, al sort of problems arise, one example being getting marked as SPAM SMTP service on anti-SPAM public services, because the source public IP address is not the public IP of the server itself, but the public WAN IP the ISP gave me to be set on his WAN (obviously), NAT being done by default on all and every non-WAN interfaces.

Reason: I don't want to set NAT on manual mode because I want to keep the auto generation of NAT rules for creating/ changing/ deleting internal LAN and VLAN interfaces.

PS Adding a "Null" Route in "System" -> "Routes" didn't solve the issue.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Feature Request: Easy option to except "Perimeter" range of public IPs from NAT
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2