Topic: Outbound NAT rule generation & FRR OSPF-learned routes/subnets

Varashi
Outbound NAT rule generation & FRR OSPF-learned routes/subnets
« on: December 15, 2017, 07:06:51 am »
In playing with FRR OSPF I have stumbled across an issue with Outbound NAT.

It seems that only connected and statically-defined kernel routes are automatically added to the Outbound NAT rule, however OSPF-learned subnets are not.

Took me quite some time to figure out why my VMs in remote subnets had access to everything, could perfectly be accessed from the internet, but could not establish any connection towards the internet themselves :D

In the end I just added an "any" Outbound NAT rule to re-establish internet access for those VMs, but this seems like a bad practice.

One of the reasons I'm using OSPF (apart from learning) is to not have to bother too much with various reconfigs all over the place to make a new subnet work. (I'm experimenting with VMware NSX and automation).
Thus my question is... is there a way to let OSPF-learned subnets be added to the Outbound NAT rules automatically, or does this functionality not exist?
If not, would a feature request for this be something to consider?


jimp
Re: Outbound NAT rule generation & FRR OSPF-learned routes/subnets
« Reply #1 on: December 15, 2017, 07:23:47 am »
No. There is no way that dynamic routes can be picked up by automatic outbound NAT.

If they are all privately numbered, you could make an RFC1918 alias (,, and then set up hybrid or manual outbound NAT rules to match that alias as a source.
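An added example, not part of the thread or of pfSense/FRR: a small audit that checks which OSPF-learned prefixes an RFC 1918 source alias would match, so a narrower rule can replace the "any" outbound NAT rule. It assumes the alias holds the three RFC 1918 ranges; the route lines are constructed and modelled on FRR's `show ip route ospf` output, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 private ranges, assumed here to be the members of the alias.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, modelled on FRR "show ip route ospf" output.
SAMPLE_ROUTES = """\
O>* 10.20.30.0/24 [110/20] via 10.0.0.2, em1, 00:12:01
O>* 172.31.4.0/22 [110/20] via 10.0.0.2, em1, 00:12:01
O>* 172.32.0.0/16 [110/30] via 10.0.0.3, em1, 00:03:44
O>* 192.168.0.0/15 [110/30] via 10.0.0.3, em1, 00:03:44
O>* 198.51.100.0/24 [110/30] via 10.0.0.3, em1, 00:03:44
O   10.0.0.0/24 [110/10] is directly connected, em1, 00:15:09
"""

def learned_prefixes(text):
    """Return prefixes of OSPF routes that were selected and installed (O>*)."""
    return re.findall(r"^O>\*\s+(\S+/\d+)", text, re.MULTILINE)

def classify(prefix):
    """'covered': fully inside the alias; 'partial': only overlaps it
    (a summary wider than a private range); 'uncovered': no match."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 4:
        return "uncovered"  # the alias in this example is IPv4 only
    if any(net.subnet_of(p) for p in RFC1918):
        return "covered"
    if any(net.overlaps(p) for p in RFC1918):
        return "partial"
    return "uncovered"

def audit(text):
    """Group the learned prefixes by how the alias-based rule treats them."""
    report = {"covered": [], "partial": [], "uncovered": []}
    for prefix in learned_prefixes(text):
        report[classify(prefix)].append(prefix)
    return report

if __name__ == "__main__":
    for status, prefixes in audit(SAMPLE_ROUTES).items():
        print(f"{status:9} {', '.join(prefixes) or '-'}")
```

Prefixes reported as partial or uncovered are the ones that would still need their own hybrid or manual outbound NAT rule.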