-----Original Message-----
From: Seth Mos [mailto:[email protected]]
Sent: 17 December 2009 12:07
To: [email protected]
Subject: Re: [pfSense Support] Advanced outbound NAT -- Auto firewall rules on or off?

Gabriel - IP Guys wrote:
> If I enable Advanced outbound NAT -- which according to the guide
> Pfsense MultiWAN Howto,
> http://mirror.qubenet.net/mirror/pfsense/tutorials/policybased_multiwan/
> policybased_multiwan.pdf

I just looked at it. It's entirely correct.

(that's what I thought! - Thank you for the clarification)

> If I am adding rules, and I check auto add firewall rule for NAT rules,
> I am assuming that I will not have to go and add the firewall rules in.

Port forwards are from outside to inside. That is separate from outbound traffic. You can create port forward entries on both external interfaces to a single DMZ IP address without issues.

(Maybe local language barrier! -- add the firewall rules in = Configure the firewall accordingly :-) )

> But on the page, Firewall : NAT : outbound -- There is a note saying
> that outbound NAT rules will no longer be automatically generated. I'm
> pretty sure that both options cannot be correct.

The automatic generation of outbound rules is good enough when either WAN has a single address. Although in most cases you will want to create manual outbound NAT rules for both the DMZ and LAN and for both WAN connections.

You need this when you want to use STATIC port on the outbound NAT rules, for example VoIP or game services. Or if you want to bind traffic to a specific outside IP address.

(I have multiple IP addresses for each WAN connection. Will that be a factor? -- I do not have a DMZ zone configured -- I'm guessing from this, that each inbound rule will have to be configured twice, once for each ISP?)

> I'm currently running version 1.2.2 -- and I'm trying to get my multiple
> IPs working, and Multiple ISPs configured.

Use 1.2.3-RELEASE. Create manual outbound NAT rules.

(I think that I'm going to go and check the change log, and then upgrade)

> I cannot explain how much pain that this has given me, and seeing as I'm
> not dead, I'm getting seriously stronger :)

Congratulations. You have won a sticker.

(Again! Local language barrier!)

Regards,
Seth

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Commercial support available - https://portal.pfsense.org
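
The manual outbound NAT discussed in the message above, written out in pf.conf syntax (pf is the packet filter pfSense is built on; in pfSense itself these entries are made under Firewall : NAT : Outbound). This is an added example, not part of the original thread; the interface names, addresses and hosts are constructed placeholders.

```pf
# Constructed example: interfaces and addresses are placeholders
# (RFC 1918 / RFC 5737 ranges), not values from the thread.
wan1_if  = "em0"
wan2_if  = "em1"
wan1_ip  = "203.0.113.10"      # primary address on WAN1
wan1_ip2 = "203.0.113.11"      # additional address on WAN1
wan2_ip  = "198.51.100.10"     # primary address on WAN2
lan_net  = "192.168.1.0/24"
pbx      = "192.168.1.20"      # hypothetical VoIP host on the LAN
mailhost = "192.168.1.30"      # hypothetical host pinned to one outside IP

# NAT rules are first-match, so the narrow rules come before the
# catch-all rules for the whole LAN.

# Static port, scoped to the VoIP host only: pf leaves the UDP source
# port unchanged for this host and keeps rewriting it for everyone else.
nat on $wan1_if inet proto udp from $pbx to any -> $wan1_ip static-port
nat on $wan2_if inet proto udp from $pbx to any -> $wan2_ip static-port

# Bind one host's outbound traffic to a specific outside address.
nat on $wan1_if inet from $mailhost to any -> $wan1_ip2

# Everything else from the LAN: one rule per WAN connection.
nat on $wan1_if inet from $lan_net to any -> $wan1_ip
nat on $wan2_if inet from $lan_net to any -> $wan2_ip
```

Each internal network needs a rule on each WAN, so a setup with a DMZ would repeat the last two rules with the DMZ subnet as the source.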
