OPNsense Forum

Archive => 15.1 Legacy Series => Topic started by: weust on March 16, 2015, 12:20:19 am

Title: Automatic outbound NAT rule generation: Manual Mappings not working
Post by: weust on March 16, 2015, 12:20:19 am

When I set the Outbound NAT to Automatic outbound NAT rule generation and add a static port mapping it doesn't seems to work.

For my PlayStation 4 I need a static port mapping Outbound NAT mapping otherwise I can't get a NAT Type 2.
I need that to be able to hear some people in a chat party. NAT Type 3 gives a message saying that due to a NAT problem blah blah.

When I set Outbound NAT to Manual Outbound NAT rule generation and place the static port mappings either at the top of the list, of just above the internal LAN subnet mappings, it works.
So to me it seems that when setting to Automatic, it will ignore the manual added Mappings.

Before I create an issue on GitHub, I'd like to know if it's me doing something wrong (not much room for error I believe) or that is really is a bug.

Btw: This is not the only static port mapping I have, but this is the easiest to test with.

Title: Re: Automatic outbound NAT rule generation: Manual Mappings not working
Post by: weust on March 18, 2015, 08:15:33 am

Just noticed this line:

Quote

If automatic outbound NAT selected, a mapping is automatically created for each interface's subnet (except WAN-type connections) and the rules on "Mappings" section of this page are ignored.

What is the point of having a "Mappings" section in the Automatic outbound NAT setup if it's ignored?
The Manual outbound NAT setup doesn't break up between the auto generated rules and the manual mappings.
It just makes one big list of them.

Title: Re: Automatic outbound NAT rule generation: Manual Mappings not working
Post by: franco on March 25, 2015, 08:56:33 am

I think it was mean as an exclusive or between either manual mode or automatic mode. I can imagine it gets tricky in certain scenarios to have conflicting NAT rules or maybe the code's author thought it would not be a viable feature. I don't really care either way. Are you suggesting we should have both at the same time with priority to which set? :)

Title: Re: Automatic outbound NAT rule generation: Manual Mappings not working
Post by: weust on March 25, 2015, 09:05:55 am

Well, either Automatic doesn't show the manual mapping a at all, but perhaps "remembers" them when coming from Manual, or do allow the manual mapping's to be used before the automatically generated ones. (With an option to enable/disable them)
Because that is how it looks like it should work from just looking at the list, except a fine print that says "nope".

Title: Re: Automatic outbound NAT rule generation: Manual Mappings not working
Post by: franco on March 25, 2015, 10:11:40 am

Okay, I've added this as a ticket: https://github.com/opnsense/core/issues/106