Messages - truster

#1
Hi Franco, I'm new to OPNsense but used othersense™ for years...

I don't think that this one is a good idea. It will break everything... terrible with use of IPsec because the SA is not matching with other IPs than configured.

I think the best idea is a boolean switch to enable the old behavior without having to create custom outbound masquerade rules.

Alternatively we could make use of a switch while creating an IP alias... e.g.: "do not use this alias for outbound NAT."

I do not see any benefit for outbound NAT-RR on a single WAN....

We use IP aliases for special services, e.g.:
on ip 1.2.3.1 = everything else
ip 1.2.3.2 owa.domain.tld with HAPROXYA
ip 1.2.3.3 openvpn.domain.tld
ip 1.2.3.4 vta.domain.tld (telephone appliance)
ip 1.2.3.5 remote.domain.tld (web RDP Broker / Gateway)


Cheers
Dave

Edit:
We also had troubles with outgoing SMTP traffic. It comes with different IPs so we get blocked very fast.