To translate outbound packets to anything other than the interface's primary address, you have to override the default rules. On the NAT screen, you should see an either-or choice between Automatic rules and manual (maybe called advanced, not sure as I'm not at a computer right now). You'll have to turn off the automatic NAT rules and use your own. IIRC, when you switch modes, it exposes the automatic rules currently in place, so you can probably just edit them.

-Adam

[email protected] wrote:
>Hello,
>I have two boxes set up with WAN CARP IPs which are NAT'ed to different
>Virtual server pools. This is working slicker than banana peels in a Bugs
>Bunny cartoon. The only problem is that I would like to be able to have
>the outbound traffic NAT'ed to the inbound CARP IPs, but I cannot find
>how to do this in the outbound NAT settings unless I opt for 1:1 NAT
>which I would rather not if possible.
>
>Example:
>Inbound to CARP IP 1.2.3.4 is NAT'ed to a virtual server pool at
>192.168.1.10 which is load balanced to 192.168.1.11 and 192.168.1.12
>Inbound to CARP IP 1.2.3.5 is NAT'ed to a virtual server pool at
>192.168.1.50 which is load balanced to 192.168.1.25 and 192.168.1.26
>With no manual outbound NAT all outbound traffic gets the address of the
>Firewall WAN interface as is expected.
>If I try to use manual outbound NAT I can only set it for an entire
>network so I could set outbound to either 1.2.3.4 or 1.2.3.5, not really
>optimal.
>
>I would like to have the outbound traffic appear to be returning from
>the respective CARP addresses. In other words, when a client makes a
>request to 1.2.3.4, the return packets should have the IP of 1.2.3.4.
>When a request is made to 1.2.3.5 the return packets should have the IP
>of 1.2.3.5. I have only seen the ability to specify an entire network
>(or any???) to outbound NAT such that all return packets would have the
>IP of either 1.2.3.4 or 1.2.3.5.
>
>In Linux iptables world I would do something like:
>iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.11 -j SNAT --to-source 1.2.3.4
>iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.25 -j SNAT --to-source 1.2.3.5
>
>Am I missing something? I hope so.
>
>Thank You for any suggestions,
>JohnM
>
>_______________________________________________
>List mailing list
>[email protected]
>http://lists.pfsense.org/mailman/listinfo/list
