OPNsense Forum

English Forums => General Discussion => Topic started by: daudo on May 18, 2025, 11:20:46 AM

Title: IPv4 outbound NAT: usecase for a non /32 translation target
Post by: daudo on May 18, 2025, 11:20:46 AM
Hi,

I am just refactoring a couple of our firewalls and, in doing so, I stumbled upon how outbound NAT has been configured so far.

Some of our outbound translation targets have x.x.x.x/32, whereas some have x.x.x.x/28 for example. Both settings work, apparently, and if I use dig to find out what IP address they are translated to, I get

- for a x.x.x.x/32 translation target:
$ dig +short myip.opendns.com @resolver1.opendns.com
x.x.x.x

- for a x.x.x.x/28 translation target:
$ dig +short myip.opendns.com @resolver1.opendns.com
x.x.x.0

So far so good, but I am confused: why would I ever specify anything other than a /32 host address as a translation target? What's the use case for such a scenario?
Title: Re: IPv4 outbound NAT: usecase for a non /32 translation target
Post by: Maurice on May 18, 2025, 04:32:58 PM
If you have a public IPv4 subnet (like a /28) and not just a single address, you can balance outbound NAT connections across multiple addresses. That's especially useful if you have many clients.

The 'Pool Options' setting specifies how connections are balanced.

Cheers
Maurice
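
Added example, not part of the posts above: a small Python audit that compares observed translated addresses (for instance collected with the dig query from the first post, run from several clients) against a translation target, showing which pool addresses are in use and whether a client stays on one address. The 203.0.113.0/28 subnet, the client addresses and the sample observations are constructed placeholders, and the function name is hypothetical.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: (internal client, translated address reported by an
# external "what is my IP" lookup such as the dig query in the first post).
# 203.0.113.0/28 is a documentation range standing in for the public subnet.
SAMPLE = [
    ("192.168.1.10", "203.0.113.0"),
    ("192.168.1.10", "203.0.113.0"),
    ("192.168.1.11", "203.0.113.1"),
    ("192.168.1.11", "203.0.113.1"),
    ("192.168.1.12", "203.0.113.2"),
    ("192.168.1.12", "203.0.113.5"),
    ("192.168.1.13", "198.51.100.7"),  # outside the pool: a different rule matched
]

def audit_pool(target, observations):
    """Compare observed translated addresses with a NAT translation target."""
    pool = ipaddress.ip_network(target, strict=False)
    per_addr = Counter()
    per_client = defaultdict(set)
    outside = []
    for client, seen in observations:
        addr = ipaddress.ip_address(seen)
        if addr in pool:
            per_addr[addr] += 1
            per_client[client].add(addr)
        else:
            outside.append((client, seen))
    return {
        "pool_size": pool.num_addresses,
        "used": {str(a): n for a, n in sorted(per_addr.items())},
        # Every address of the subnet is counted, including the network
        # address, since the /28 case in the first post returned x.x.x.0.
        "unused": [str(a) for a in pool if a not in per_addr],
        # Clients seen on more than one pool address are not pinned to one.
        "multi_address_clients": sorted(
            c for c, addrs in per_client.items() if len(addrs) > 1),
        "outside_pool": outside,
    }

if __name__ == "__main__":
    for key, value in audit_pool("203.0.113.0/28", SAMPLE).items():
        print(f"{key}: {value}")
```

The "used" and "outside_pool" fields are what to compare against remote allowlists and log correlation: with a /28 target, any address in the subnet can appear as the source of outbound traffic.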
Title: Re: IPv4 outbound NAT: usecase for a non /32 translation target
Post by: daudo on May 18, 2025, 10:35:16 PM
Thanks, this makes sense!