Sorry, but I thought I had all my ducks in a row when I did this switch... but I don't.
I have 2 WANs, 1 LAN, 1 DMZ (currently disabled). I have the following example as my outbound NAT rules (advanced):
 
172.24.0.0/21 - 216.26.252.110 - WAN2
172.24.8.0/21 - 216.26.252.111 - WAN2
172.24.16.0/21 - 216.26.252.112 - WAN2
etc....
 
I have LAN firewall rules:
Allow Any 172.24.0.0/21 to go out any - using WAN2 gateway
Allow Any 172.24.8.0/21 to go out any - using WAN2 gateway
etc....
 
Everything works fine. Here is the issue:
 
We have customers, say for instance 172.24.2.15, that have static IPs of, say, 216.26.250.91,
for whom I had to make an ADDITIONAL outbound advanced NAT entry of 172.24.2.15/32 external int. 216.26.250.91,
and then they worked.
 
This worked in monowall (sorry for that remark), although I did not understand why, because of an overlap in outbound NAT rules: on one hand I'm telling it to allow 172.24.0.0 - 172.24.7.254 out as 216.26.252.110, but also take someone in that space and send them out by means of a separate outbound NAT.
 
When I try to do this in pfSense, it tells me I cannot enter the individual /32 outbound NAT because of an overlap.
 
Any workaround, or what should I do????? I have too many private addresses at this point to change, not to mention it blows our whole layout.
 
All these customers can flow through the firewall just fine but go out the firewall as the vanilla /21 mapping. It's just their static IPs that do not work.
 
Thanks in Advance!
 
Tim
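As an added illustration (not part of the original post) of why rule order matters for the overlapping mappings Tim describes: pfSense evaluates outbound NAT rules top-down and the first match wins, so a /32 customer mapping only takes effect when it sits above the /21 that covers it. The rule table below is constructed from the post's addresses; the ordering and the `shadowed_rules` check are this example's own.

```python
import ipaddress

# Constructed outbound NAT table using the post's values. pf processes
# nat rules top-down, first match wins, so the /32 is placed first.
RULES = [
    ("172.24.2.15/32", "216.26.250.91", "WAN2"),   # customer static IP
    ("172.24.0.0/21",  "216.26.252.110", "WAN2"),  # vanilla /21 mapping
    ("172.24.8.0/21",  "216.26.252.111", "WAN2"),
    ("172.24.16.0/21", "216.26.252.112", "WAN2"),
]


def translate(src, rules=RULES):
    """Return (external_ip, interface) of the first rule matching src,
    or None when no outbound NAT rule covers the source address."""
    ip = ipaddress.ip_address(src)
    for net, ext, iface in rules:
        if ip in ipaddress.ip_network(net):
            return ext, iface
    return None


def shadowed_rules(rules=RULES):
    """Return (i, j) pairs where rule j lies entirely inside an earlier
    rule i, so rule j can never match: this is the overlap the post
    describes when the /32 sits below its covering /21."""
    nets = [ipaddress.ip_network(r[0]) for r in rules]
    shadowed = []
    for j, later in enumerate(nets):
        for i in range(j):
            if later.subnet_of(nets[i]):
                shadowed.append((i, j))
    return shadowed


if __name__ == "__main__":
    for host in ("172.24.2.15", "172.24.2.16", "172.24.9.1"):
        print(host, "->", translate(host))
    print("shadowed:", shadowed_rules())
```

Swapping the first two rules makes `shadowed_rules` report the /32 as unreachable, which is the condition to check before blaming the static IPs themselves.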
 