Multi WAN IPs, help with NAT



  • Moving this post here from general sub. I know this has been asked, and I have researched on my own, but the more I find the more confusing it gets, without leading me to a clear understanding.

    Here's my setup: cable modem with 5 static IPs >>> pfSense (dual NIC LAN\WAN) >>> small network with multiple servers (mail, Owncloud, remote access).

    What is the (best practices) way to go about this? Do I add more NICs, each external IP on its own port? Trying to set up aliases isn't working out so far. Still trying to wrap my head around the config options and nail down the NAT settings.
    What is the best way to NAT the same port based on ext source IP? Ex: webmail and owncloud are both on HTTPS (443), so my firewall rules should be something like (mail) source WAN IP X.X.X.121 port:443 to LAN IP X.X.X.20 allow and (owncloud) source WAN IP X.X.X.122 port:443 to LAN IP X.X.X.25 allow.
    Seems simple enough, but so far I can't make this happen with aliases.



  • You don't use aliases, you use Virtual IPs.

    https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses

    Once you have assigned your 5 IPs to your WAN, the next step is to create NAT rules that direct traffic from your public IP/port to LAN IP/port.

    https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
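
The port forwards described in the reply above, written in the syntax of pf (the packet filter pfSense is built on), as an added example that is not part of the original thread and not output generated by pfSense. The interface name `em0`, the 203.0.113.x public addresses and the 192.168.1.x LAN addresses are constructed stand-ins for the X.X.X values in the question, and the public addresses are assumed to already exist as Virtual IPs on WAN.

```pf
# Added example. Assumptions: em0 is the WAN interface, 203.0.113.0/24
# stands in for the public block, 192.168.1.0/24 for the LAN.
wan_if    = "em0"
mail_pub  = "203.0.113.121"   # Virtual IP on WAN for webmail
cloud_pub = "203.0.113.122"   # Virtual IP on WAN for Owncloud
mail_lan  = "192.168.1.20"
cloud_lan = "192.168.1.25"

# Translation: each rule matches on the public *destination* address,
# which is what lets two services share port 443. The source stays "any".
rdr on $wan_if inet proto tcp from any to $mail_pub  port 443 -> $mail_lan  port 443
rdr on $wan_if inet proto tcp from any to $cloud_pub port 443 -> $cloud_lan port 443

# Filtering runs after translation, so the WAN pass rules name the
# internal hosts, and only the one forwarded port on each.
pass in quick on $wan_if inet proto tcp from any to $mail_lan  port 443 flags S/SA keep state
pass in quick on $wan_if inet proto tcp from any to $cloud_lan port 443 flags S/SA keep state
```

In the pfSense GUI the same thing is two Port Forward entries whose destination address is the respective Virtual IP, each with a WAN firewall rule whose destination is the internal host.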

