OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: hutiucip on June 09, 2017, 12:56:33 pm

Title: Feature Request: Easy option to except "Perimeter" range of public IPs from NAT
Post by: hutiucip on June 09, 2017, 12:56:33 pm
Request: Starting with the introduction of Quagga, and especially for BGP use cases, please add an easy option to except from NAT the advertised IP(s)/ IP range(s) in BGP (or custom), an option easier than the now mandatory workaround to change from Auto NAT to Manual NAT, and then add manual NAT exception rules for that IP range(s).

Scenario: I have two ranges of public IP addresses set to servers (Web, OWA, Public authoritative DNS, SMTP etc.) on the "Perimeter" interface. Without excepting NAT for this interface/ IP ranges, all sorts of problems arise, one example being getting marked as a SPAM SMTP service on anti-SPAM public services, because the source public IP address is not the public IP of the server itself, but the public WAN IP the ISP gave me to be set on his WAN (obviously), NAT being done by default on all and every non-WAN interface.

Reason: I don't want to set NAT on manual mode because I want to keep the auto generation of NAT rules for creating/ changing/ deleting internal LAN and VLAN interfaces.

PS Adding a "Null" Route in "System" -> "Routes" didn't solve the issue.