pfSense » pfSense Docs

Dear pfSense team,

I would like to submit a suggestion to the NAT 1:1 page. This suggestion comes from an issue I faced when configuring multi-wan nat 1:1 where the outgoing traffic had to go through the interface and external IP assigned on the interface.

On the first paragraph of the NAT 1:1 page it says:
"All traffic originating from that private IPv4 address going to the Internet will be mapped by 1:1 NAT to the public IPv4 address defined in the entry, overriding the Outbound NAT configuration."

Seems pretty simple and straightforward. When I configure the NAT 1:1 I even select an interface where the given subnet is, and that should be used. "all traffic going to the internet" hence outgoing traffic "will be mapped by 1:1 NAT to the public IPv4 address". Perfect. I even selected the interface where the public IP is. Seems like a no brainer.

Actually isn't. After much reading, I found a remark which is literally the last sentence on the multi-wan nat page:
"If a local device must always use a 1:1 NAT entry on a specific WAN, then traffic from that device must be forced to use that specific WAN gateway with policy routing firewall rules."

This goes (imho) against the previous statement. It has to be forced, and isn't all traffic, as previously stated.

Anyway, to brief things up, I suggest adding this information in the end of the 1:1 NAT article, something with a title like "Multi-WAN NAT 1:1" - "If a local device must always use a 1:1 NAT entry on a specific WAN, then traffic from that device must be forced to use that specific WAN gateway with policy routing firewall rules."
Considering so many articles on the forums about this subject, I believe it would be a nice to have that information there.

Thank you, and a great time ahead!
Ricardo Mendes