Netgate Discussion Forum

    Difference between NAT (port forward) and just open a port

    • Panja

      Probably a n00b question but hopefully someone is willing to help me out. ✌

      The following scenario:
      I have a web server on my LAN and I want to expose my websites to the public through port 80 and 443.

      Do I need to create a NAT rule and Port Forward (80 & 443) to my server's LAN IP?
      Or do I just create a WAN firewall rule and open port 80 & 443 to my server's LAN IP?

      What's the difference?
      As far as I can see when creating a NAT rule (Port Forward) there is automatically a WAN rule created for this so why not just only create the WAN rule instead of NAT?

      • kiokoman LAYER 8

        You need to create a NAT rule and Port Forward (80 & 443) to your server's LAN IP.
        If you just open the port, it will be open for the firewall itself.
        Long story short, you open the port in the firewall and then you tell the firewall to forward the incoming traffic to your internal LAN.

        • Panja

          @kiokoman

          Many thanks! That explains a lot.

          • johnpoz LAYER 8 Global Moderator

            @Panja said in Difference between NAT (port forward) and just open a port:

            there is automatically a WAN rule created for this

            You would be surprised at how many users change that default of it creating the WAN rule for them and then wonder why port forwarding doesn't work.

            The NAT/port forward rules are evaluated before the firewall rules. But without the firewall rule the traffic would not be allowed. So yes, you need both.

            Now if you had a routed space behind pfSense that was not NATed, then just the firewall rule would be enough. Say in the case of IPv6 - you don't need to do NAT, just the rule allowing the traffic to the IP.

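A simplified Python model of the evaluation order described above (port forward first, then the WAN firewall rule), added here as an example; it is not taken from the thread or from pfSense itself. The addresses, the class names and `process_inbound` are assumptions made for illustration, and the model assumes the default behaviour of blocking inbound WAN traffic that no rule passes.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# All addresses are constructed documentation values, not from the thread.
WAN_IP = "203.0.113.10"       # firewall's public IPv4 address (assumed)
LAN_SERVER = "192.168.1.50"   # web server on the NATed LAN (assumed)
V6_SERVER = "2001:db8:1::50"  # server on a routed, non-NAT IPv6 prefix (assumed)

@dataclass(frozen=True)
class PortForward:            # models a NAT port forward on WAN
    dst: str
    port: int
    target: str

@dataclass(frozen=True)
class PassRule:               # models a WAN "pass" firewall rule
    dst: str
    port: int

def process_inbound(dst, port, forwards, rules):
    """Return (verdict, final_dst) for a new inbound TCP connection on WAN."""
    dst = str(ip_address(dst))  # validate and normalise the address
    # Step 1: port forwards are applied first and rewrite the destination.
    for f in forwards:
        if (f.dst, f.port) == (dst, port):
            dst = f.target
            break
    # Step 2: firewall rules are matched against the (possibly rewritten) packet.
    for r in rules:
        if (r.dst, r.port) == (dst, port):
            return ("pass", dst)
    return ("block", dst)       # nothing matched: default deny on WAN

def scenarios():
    fwd = [PortForward(WAN_IP, 443, LAN_SERVER)]
    rule_lan = [PassRule(LAN_SERVER, 443)]
    rule_v6 = [PassRule(V6_SERVER, 443)]
    return {
        "forward + rule": process_inbound(WAN_IP, 443, fwd, rule_lan),
        "rule only": process_inbound(WAN_IP, 443, [], rule_lan),
        "forward only": process_inbound(WAN_IP, 443, fwd, []),
        "routed IPv6, rule only": process_inbound(V6_SERVER, 443, [], rule_v6),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} -> {result}")
```

In the "rule only" case the packet still carries the WAN address as its destination, so a rule written for the server's LAN IP never matches it.
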
            • Panja

              @johnpoz
              I see. Thanks for your help as well! Appreciated.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.