New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong source IP used on outbound Traffic #2170
Comments
Hi there, This is the new behaviour to use round-robin on all available IP addresses... it has VIPs assigned on the interface so they want to be used. You can set outbound mode to hybrid or manual to fix the NAT behaviour to a single IP explicitly. We will make an additional note in the original 18.1 update change long for all new upgraders from 17.7 to see. Cheers, |
Hello Franco, Thank you. Setting outbound NAT to hybrid with a custom rule (NAT address = wan address) fixes it. Anyway, I think it's not the best way in automatic mode to use randomly one of the virtual IP addresses by default... The round-robin option should be set specific by the user. Best regards, Morten |
Hi Morten, The automatic outbound generation has a couple of drawbacks and will likely go through more iterations. We will factor this into the next iteration, but for now we need to see how this new system works in practice apart from causing issues with previous installs where behaviour is slightly differed. The more prevalent question for us is: how are you using the Virtual IPs on a WAN interface? Thank you, |
Hi Morten, I've made a note in the 18.1 change log that users see while upgrading. You can go to Firewall: Settings: Advanced and enable "Sticky outbound NAT" to get a consistent IP behaviour for your client connections. We are considering making this the default behaviour in a subsequent image release. Cheers, |
Hello Franco, Thank you for your support. Setting "Sticky outbound NAT" also works fine with automatic outbound NAT. It would be great to see this option turned on by default. Best regards, Morten |
yay ok will do :) |
Hello,
Referring to https://forum.opnsense.org/index.php?topic=7132.0
This issue exists since the latest upgrade from 17.7.12 to 18.1. firewall_nat_out.php is set to "Automatic". But the firewall uses randomly one of the virtual IP addresses instead of the assigned WAN address.
Is there a fix available?
Thank you.
The text was updated successfully, but these errors were encountered: