OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: tamer on January 31, 2016, 06:31:07 am

Title: [SOLVED] Outgoing NAT issue
Post by: tamer on January 31, 2016, 06:31:07 am
After installing a clean install of OPNsense 16.1 and without restoring config, I have noticed a regression with respect to 15.7. If a manual outgoing NAT rule has been created for localhost (127.0.0.0/8), it will be ignored. I have noticed this issue by checking the IP used:
Code:
curl -vv http://ipinfo.io/ip

But I received a different one than the one I specified in the config. However, it is a bit odd, as after checking the loaded pf rules I can see that this outgoing rule is there, but not satisfied.

Relevant pf rule:
Code:
nat on em0 inet from 127.0.0.0/8 to any -> <ext_ip> port 1024:65535 round-robin

I have also tried with the IP written manually rather than through an alias but got the same result. This behaviour persists even after a reboot, so it is not a temporary issue (e.g. states).

This configuration worked for me with 15.7 (including all the development versions leading to 16.1). However, I'm not sure if the feature broke with just the latest commits or was there earlier with clean installs only (and as such didn't notice it).
Title: Re: Outgoing NAT issue
Post by: tamer on January 31, 2016, 11:04:56 am
OK, so upon further inspection I noticed that if I create an outgoing rule that matches any rather than specifically 127.0.0.0/8, it will use them for locally generated traffic. In my case this is sufficient, but for users with multiple public IPv4s it is slightly inconvenient to assign them to the hosts if one of the IPs is to be assigned to the router. This is still a regression in comparison to 15.7, but from my point of view it is no longer an issue. Sorry for the noise.
Title: Re: [SOLVED] Outgoing NAT issue
Post by: franco on February 02, 2016, 07:26:29 am
Hi Tamer,

Glad that was resolved. No need to be sorry at all. :)


Cheers,
Franco