
Issues with automatic outbound NAT


ARCHmatux:
Hi All,

I suspect that this has been covered before.
I've read through a few topics but unfortunately they don't really answer my question.

I have a fairly simple network.
WAN is DHCP
LAN is static in a /30 transport link to an internal layer 3 switch where the interfaces for the internal subnets reside.

With pfSense the automatic outbound NAT allowed for the subnets behind the layer 3 switch to be NAT'd out the WAN.
However, with OPNsense I need to manually define the outbound NAT rules for these subnets.
Simply adding a firewall rule to the LAN interface to allow these subnets out isn't enough to apply NAT to them.

Is this intended behavior or a bug?

If intended I can fully understand.
I mostly come from a Cisco ASA background where you can manually define outbound NAT for a group of subnets or use ANY to allow outbound NAT for anything going in and out of the specified interfaces.

Asterix:
I have this exact issue. Just started my move from pfSense to OPNsense. For a good 2 hours I went through multiple settings troubleshooting what was blocking the layer 3 network from communicating out of the WAN. This was never an issue with pfSense, which I have used for over a decade.

Is this intended? I see the layer 3 network in the autocreated networks, but it is not updating or reflecting the same on the NAT outbound. I have to select hybrid mode and add the subnets from the internal network.

Asterix:
Anyone??

This outbound NAT issue is hindering my deployment across 5 networks.

Asterix:
I have conclusively found that the issue with automatic outbound NAT has not yet been rectified. Below is part of the firewall changes done to 19.7.3. This has either broken again or was not properly fixed in the first place.


List of changes from 19.7.3:
firewall: restore automatic outbound NAT pre-19.7 behaviour which excludes gateways not configured and not dynamic


Can someone add this to the list of bugs that need to be fixed?

BambosD:
There is another issue that also might not yet have been rectified.

For a High Availability setup, I'm not able in any way to go outbound with the virtual CARP WAN address.

I have set outbound rules for the LAN, translating to a specific WAN address, and I choose the virtual CARP WAN!

The master goes out with the real WAN, the backup goes out with the real WAN.
