pfSense

oh, I see no reason why you call nat-1to-1 when traffic is internet toward natted machine (B) and routing when it is from machine to internet. It is a flow from point A to point B and sometime A dislike seeing B using several public IP. One to One is first imaginated/interpreted in both direction.

Franck

it is both directions, where traffic is set to leave the interface where that 1:1 is assigned. Read http://pfsense.org/book for details on how that works and why it works that way. It can't work any other way, NAT doesn't determine where traffic goes, rules do.

then we have a problem.....!

If i read well, nat-1-to-1 is in both direction, when an interface is 'wan'.

You also in:BSDCan 2008
From zero to hero with pfSense
May 13, 2008

Default Configuration
Outbound
NAT to WAN IP (or to any OPT-Interface that has a
gateway set)Default outbound NAT config
Translates outbound traffic to IP of WAN used

The problem IS what you use to determine who is WAN and who is LAN
Reading docs, it seems it is the presence of gateway field in the interface definition.

This is not enought because with some configuration an interface is assigned an IP/32 and nothing else and is wan.
See the request you closed yesterday (#1847) and #972.

So the checkbox is not 'strict one to one' but rather 'This is WAN' in interface definitions.
Another reason fix #972,#1847,#1846 in the same missing-features correction ;-)

Please read first lines of this english article
http://blog.magiksys.net/pfsense-firewall-default-gateway-different-subnet

Franck

Having a /32 IP on an interface and a gateway on another subnet is not a valid pfSense configuration, and thus not supported. If/when the other bug is solved, it will be at that point, and this may need to be addressed as well -- at that time. It is not a problem/bug in the current code, it is a feature that does not exist. You might add a footnote about this on the other open ticket.