Quick clarification on Firewall to use NAT or Rules?
-
Hello, sorry for the silly question, however my notes show to port forward using pfSense > Firewall > NAT, as per How can I forward ports with pfSense.
However, I remember some pfSense people saying to use pfSense > Firewall > Rules.
I have problems with port forwarding and currently use pfSense > Firewall > NAT. -
Using NAT to set up port forwarding simplifies the two step process and links them so that if you change the NAT settings, the corresponding firewall rule will be updated automatically.
-
Thank you for the reply.
So I've set the port forwards in pfSense, however SSH still won't access my computer behind pfSense. Could another unknown IDS be blocking packets?
Maybe I need to use a traffic analyser to test where the packets are being stopped? -
If you post the rule we can see if you're maybe doing something incorrectly.
-
Good idea.
Oops, attachments aren't working on pfSense? -
Hello, sorry for the silly question, however my notes show to port forward using pfSense > Firewall > NAT, as per How can I forward ports with pfSense.
However, I remember some pfSense people saying to use pfSense > Firewall > Rules.
I have problems with port forwarding and currently use pfSense > Firewall > NAT.
When to use NAT: When you have a public IP that is translated to a private one. An IP of 1.1.1.1 getting translated to 192.168.1.1. Network Address Translation.
When to use pure rules: When you have a public IP assigned to a host behind pfSense. pfSense needs to merely decide if it should forward a packet to a host that is "directly" reachable (meaning it doesn't need to do any translation to get to it, I know even NAT hosts are directly reachable from the router's POV).
In both cases remember that you are viewing the rule with the remote client's POV. A source port of 80 doesn't necessarily mean port 80 will be forwarded to the webserver. In the remote client's POV, your source 80 is his destination 80.
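The following is an added example, not part of the thread and not pfSense code: a simplified model of how an inbound SSH packet is translated by a port forward and then checked against pass rules. It shows why a rule matching on source port 22, or one written against the WAN address, never matches. All addresses, class names and the "NAT before filter, default deny" evaluation order are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class PortForward:          # models a Firewall > NAT port forward entry
    wan_ip: str
    wan_port: int
    target_ip: str
    target_port: int

@dataclass
class PassRule:             # models a Firewall > Rules entry; None means "any"
    dst_ip: str
    dst_port: Optional[int] = None
    src_port: Optional[int] = None

def translate(pkt, forwards):  # assumption: NAT is applied before the filter rules
    for f in forwards:
        if (pkt.dst_ip, pkt.dst_port) == (f.wan_ip, f.wan_port):
            return Packet(pkt.src_ip, pkt.src_port, f.target_ip, f.target_port)
    return pkt

def allowed(pkt, rules):
    """Default deny: a packet passes only if some rule matches every field it sets."""
    return any(
        r.dst_ip == pkt.dst_ip
        and r.dst_port in (None, pkt.dst_port)
        and r.src_port in (None, pkt.src_port)
        for r in rules
    )

def inbound(pkt, forwards, rules):
    return allowed(translate(pkt, forwards), rules)

# Constructed sample: remote SSH client with an ephemeral source port, WAN address 203.0.113.5
SSH_IN = Packet("198.51.100.7", 51514, "203.0.113.5", 22)
FORWARD = [PortForward("203.0.113.5", 22, "192.168.1.10", 22)]
GOOD = [PassRule("192.168.1.10", dst_port=22)]        # destination port 22 on the internal host
WRONG_PORT = [PassRule("192.168.1.10", src_port=22)]  # source port 22 entered by mistake
WRONG_ADDR = [PassRule("203.0.113.5", dst_port=22)]   # rule written against the WAN address
for name, rules in [("good", GOOD), ("source-port", WRONG_PORT), ("wan-address", WRONG_ADDR)]:
    print(name, inbound(SSH_IN, FORWARD, rules))
```
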