NAT 1:1 vs VIP, limiters works on LAN, but on WAN breaks NAT
I use this configuration on PfSense 2.1.5 and works very well, on PfSense 2.2.1 limiters on WAN breaks NAT 1:1.
- Several VIPs on WAN (PARP or IPAlias, is the same..)
- 1:1 NAT from VIPs to LAN IPs
- Limiters on LAN IPs (to limit the traffic that begins from LAN)
- Limiters on WAN IPs (to limit the traffic that begins from WAN
In this situation... NAT 1:1 does not work. If I disable limiters on WAN works fine.
#1 Updated by Luca De Andreis about 4 years ago
I've just installed a new, clean PFSense 2.2.1.
- Add a single VIP (IP Alias)
- Define limiters up and down for a single IP
- Define NAT 1:1 VIP->IP LAN
- Define outbond NAT manual type (outgoing single IP LAN through VIP)
- Assign limiters on LAN
- Apply: works very well
- Assign limiters in WAN (ip LAN NAT target, defined in WAN rules): NAT 1:1 breaks.
- Remove WAN limiters... all OK.
#6 Updated by Chris Buechler almost 4 years ago
- Status changed from Feedback to Confirmed
- Assignee set to Ermal Luçi
- Priority changed from Normal to High
- Target version changed from 2.2.3 to 2.3
- Affected Version changed from 2.2.1 to 2.2.x
- Affected Architecture deleted (
no change, but we'll leave as-is for 2.2.3. Limiters in general are better in 2.2.3 than earlier 2.2.*.