Todo #16135
closed
Added by Marcos M 8 months ago.
Updated 7 months ago.
Description
NAT64 can now be enabled for firewall rules. NAT64 can be used with normal interface rules and floating rules. It also supports route-to.
Notably packets which have been translated by NAT64 cannot then be translated again by NAT rules (e.g. Outbound NAT). For example if a static route exists for 172.27.0.0/16 via WAN2's gateway, then a policy routing rule can be created for the destination 64:ff9b::172.27.0.0/112 or 64:ff9b::ac1b:0/112 with WAN2's gateway set. This could be mentioned here:
https://docs.netgate.com/pfsense/en/latest/nat/process-order.html
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- % Done changed from 0 to 90
First pass: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b6748ba9503baa5d4e9d7c7d364ab4d215b0de1a
Staged for preview:
Still needs some review/refinement in places, but it's reasonably complete and should cover more than enough to get people up and running with it.
N.B. You can do more NAT after NAT64 but the traffic has already been translated by NAT64 before it reaches outbound NAT so you would have to match based on what the traffic is post-NAT64. So not practical, but possible.
- Status changed from In Progress to Feedback
- % Done changed from 90 to 100
This should all be reasonably complete now, along with other updates to firewall and NAT rules. It has all been deployed so should be visible to everyone now.
- Status changed from Feedback to Resolved
Looks good to me, thanks!
Also available in: Atom
PDF
Updated by 
Updated by