Show Posts
1
17.7 Legacy Series / NAT outgoing traffic to several public IPs (manual outbound NAT pool)
« on: October 06, 2017, 01:22:08 am »
-ISP provides 5 static public IP for the WAN
-Basic firewall to NAT office web browsing
-Office LAN 192.168.0.x/24
On a typical firewall the outbound traffic NATs to the one IP of the WAN interface. In a very large office network it is best to NAT outbound traffic to multiple WAN IPs. There are two ways to do this;
Option 1: NAT based on source rules (IP range 192.168.0.1 thru 50 NAT to WAN IP 1 of 5 etc.)
Option 2: Auto NAT each new session one public IP from a pool of WAN IPs (round-robin outbound NAT pool)
I have looked at docs for OPNsense and pfsense and cannot get 'option 2' working. I tried creating virtual IPs, or proxyarp, or host alias and assigning to manual outbound NAT in the 'translation' selection and 'round-robin' in the pool selection. For some reason I always get the default behavior (NAT to main WAN interface IP).
Has anyone done this?
-Basic firewall to NAT office web browsing
-Office LAN 192.168.0.x/24
On a typical firewall the outbound traffic NATs to the one IP of the WAN interface. In a very large office network it is best to NAT outbound traffic to multiple WAN IPs. There are two ways to do this;
Option 1: NAT based on source rules (IP range 192.168.0.1 thru 50 NAT to WAN IP 1 of 5 etc.)
Option 2: Auto NAT each new session one public IP from a pool of WAN IPs (round-robin outbound NAT pool)
I have looked at docs for OPNsense and pfsense and cannot get 'option 2' working. I tried creating virtual IPs, or proxyarp, or host alias and assigning to manual outbound NAT in the 'translation' selection and 'round-robin' in the pool selection. For some reason I always get the default behavior (NAT to main WAN interface IP).
Has anyone done this?