    Multiple source networks to one destination port.

    • ILang01

      I need to be able to set up NAT rules to allow me to direct a number of netblocks to the same destination IP and port on the LAN side of the firewall.
      Example
      Net Block 79.135.125.0/24 Plus 87.238.72.128/26 Plus 78.40.243.192/27 to destination IP xxx.xxx.xxx.xxx port 5000 for example.

      I find that I can set up a NAT rule for the first netblock (79.135.125.0/24) in this example. When I come to add a second rule pointing to the same destination and port I get the following error:

      The following input errors were detected:
      • The destination port range overlaps with an existing entry.

      What am I doing wrong or missing?

      Thank you

      • johnpoz LAYER 8 Global Moderator

        And why would you not just create the NAT to your IP and port, and then limit who could access it via your firewall rule?

        You cannot create more than one NAT to the same IP and port.

        • ILang01

          Thank you for responding.

          Now I need a little help to get my head around how I would configure that.
          Would I construct a series of rules like the following, using what I wrote in my original post?

          Block not 79.135.125.0/24 destination xxx.xxx.xxx.xxx
          then
          Block not 87.238.72.128/26 destination xxx.xxx.xxx.xxx
          etc
          then last would be the NAT which would send anything to xxx.xxx.xxx.xxx port 5000

          Tried the above to see if it worked. I removed the NOT tick, so as I understand it traffic should then have been blocked from the address blocks.
          However, I found that traffic was getting through on the final rule/NAT. I had the rules listed such that the block rules were before the NAT rule.

          So I am missing something, so can you please clarify your post?

          Moving from IPCOP to pfSense has been relatively trouble free apart from this issue.

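
The two rule layouts discussed in this thread, compared in a small simulation. This is an added example, not code from either poster or from pfSense. It assumes rules are evaluated top-down with the first match winning and a default block at the end, and that the single pass rule takes its source from one list (for example an alias) holding all three netblocks; the sample source addresses are constructed.

```python
import ipaddress

# Netblocks from the original post.
ALLOWED = ["79.135.125.0/24", "87.238.72.128/26", "78.40.243.192/27"]

def matches(rule, src):
    """True if src is in any of the rule's networks (flipped when 'invert' is set)."""
    addr = ipaddress.ip_address(src)
    hit = any(addr in ipaddress.ip_network(n) for n in rule["nets"])
    return hit != rule["invert"]

def evaluate(rules, src):
    """Assumed model: first matching rule wins, unmatched traffic is blocked."""
    for rule in rules:
        if matches(rule, src):
            return rule["action"]
    return "block"

# Layout proposed in the follow-up post: one "block NOT <netblock>" rule per
# netblock, then a pass-any rule for the forwarded port.
chained_not = [{"action": "block", "nets": [n], "invert": True} for n in ALLOWED]
chained_not.append({"action": "pass", "nets": ["0.0.0.0/0"], "invert": False})

# Layout suggested in the reply: one NAT, one pass rule limited to the allowed
# sources, and the default block handling everything else.
alias_pass = [{"action": "pass", "nets": ALLOWED, "invert": False}]

# Constructed sample sources: one inside each netblock plus one outsider.
SAMPLES = ["79.135.125.10", "87.238.72.130", "78.40.243.200", "203.0.113.5"]

def verdicts(rules):
    """Map each sample source address to the action the rule set applies."""
    return {src: evaluate(rules, src) for src in SAMPLES}

if __name__ == "__main__":
    for name, rules in (("chained block-not", chained_not), ("single pass", alias_pass)):
        print(name)
        for src, action in verdicts(rules).items():
            print(f"  {src:<15} {action}")
```

Under this model the chained "block NOT" layout blocks every source, because an address inside one netblock is outside the other two and is caught by one of their inverted rules; the single pass rule admits the three netblocks and nothing else.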