Todo #16135
open
Document NAT64 rules
90%
Description
NAT64 can now be enabled for firewall rules. NAT64 can be used with normal interface rules and floating rules. It also supports route-to.
Notably packets which have been translated by NAT64 cannot then be translated again by NAT rules (e.g. Outbound NAT). For example if a static route exists for 172.27.0.0/16 via WAN2's gateway, then a policy routing rule can be created for the destination 64:ff9b::172.27.0.0/112 or 64:ff9b::ac1b:0/112 with WAN2's gateway set. This could be mentioned here:
https://docs.netgate.com/pfsense/en/latest/nat/process-order.html
Updated by Jim Pingle 6 days ago
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- % Done changed from 0 to 90
First pass: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b6748ba9503baa5d4e9d7c7d364ab4d215b0de1a
Staged for preview:
- http://stage-v25.03.docs.netgate.com/pfsense/en/latest/network/ipv6/nat64.html
- http://stage-v25.03.docs.netgate.com/pfsense/en/latest/recipes/nat64.html
- Various other related pages were updated, like firewall rules, RA, DNS Resolver advanced, NAT processing order, etc. See the commit for details.
Still needs some review/refinement in places, but it's reasonably complete and should cover more than enough to get people up and running with it.
N.B. You can do more NAT after NAT64 but the traffic has already been translated by NAT64 before it reaches outbound NAT so you would have to match based on what the traffic is post-NAT64. So not practical, but possible.