Change when/how NAT rule applies

Started by danderson, August 14, 2023, 11:55:19 PM

So I have 1 subnet that I want to use 2 different outbound NAT rules at different times. I have tried setting the FW rule and the outbound NAT rule using the Set local tag and Match local tag options, but it doesn't seem to work.

Ideas or thoughts? I'm trying to have it apply to ANY ANY in the NAT rule based on the traffic selected by specific FW rules.

What doesn't work? Firewall rule scheduling or tag matching in the outbound NAT rules?
Did you add the firewall rules to the LAN interface (pass in)?
Did you disable automatic outbound NAT rule generation?

Cheers
Maurice

It's the tag matching in the outbound rule.

Yes, the tag FW rule is on LAN pass in with the set local tag set to XXXYYYZZ.

Then on the outbound NAT it's set to match local tag XXXYYYZZ.

But it still uses the default NAT.

Automatic outbound is set to hybrid, as the manual rules apply 1st. Also, the NAT rule I'm using the tag matching on is above the regular outbound NAT that I use for all the subnets. I've even tried changing the order.

I see in the logs that it hits the FW rule, but it doesn't use the NAT rule with tag matching. If I change the NAT rule to use the source subnet, it works fine.