NAT from Multiple Source Addresses to One Destination Address



  • Since upgrading from pfSense 2.0 to pfSense 2.3.2, I am no longer able to add multiple NATs for a single destination IP Address. Is there some other way that I'm supposed to be doing this now?

    I would like to enable access from any of a software vendor's three external IPs (in different subnets) to our server. I can see the NATs that are in there from the previous version, and they work fine, but I am unable to save them after editing until I have removed the old duplicates.

    Example:
    Source IPs: 16.2.3.4  67.50.51.51  198.189.12.4
    Destination IP: 192.168.0.10
    Destination Port: 62246

    I have no problem creating the first rule, but when I try to create the second rule, I get the following: The destination port range overlaps with an existing entry.

    Should I create an alias with the three Source IPs and then set the Alias as the source address? Or is there some other way I should approach this?

    Thanks in advance for the help.



  • I ran into this same issue after upgrading from 2.1 to 2.3.2 as well. Here's how I resolved it (I used the information from your example):

    (NOTE: Replace "pfsense.local" in the links below with the IP Address of your pfSense Installation.)

    First, you want to create a Firewall IP Alias (https://pfsense.local/firewall_aliases_edit.php?tab=ip) with the Source IPs you want to allow access from.

    Next you want to create your Firewall NAT Port Forward (https://pfsense.local/firewall_nat_edit.php) using the "Single host or alias" option for the Source, and then input the name of the Alias you previously created (pfSense will show you what it has saved once you start typing the name).

    NOTE: You will want to delete any Firewall NAT Port Forwards that are currently using the same Port and Destination IPs you are going to use.

    Continue to set up the Firewall NAT Port Forward as normal.

    Done.  8)

    Keyword Search Information:
    pfSense NAT "the destination port range overlaps with an existing entry"
    pfSense NAT multiple source addresses to single destination port
    pfSense NAT multiple source IP to single host
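
When many duplicate per-source forwards are left over from an older version, the consolidation described in the answer above can be planned with a short script before the rules are re-entered in the GUI. This is an added example, not part of the original posts and not pfSense code: the dictionary fields, the `wan` interface, the `tcp` protocol and the `Vendor` alias prefix are assumptions, and the overlap test is a simplified model of the error quoted in the question.

```python
import ipaddress
from collections import defaultdict

# Constructed input: the question's three per-source forwards.
# Field names, "wan" and "tcp" are assumptions, not pfSense's config schema.
LEGACY_FORWARDS = [
    {"iface": "wan", "proto": "tcp", "src": s, "ports": (62246, 62246), "target": "192.168.0.10"}
    for s in ("16.2.3.4", "67.50.51.51", "198.189.12.4")
]

def ranges_overlap(a, b):
    """True when two inclusive (low, high) port ranges share a port."""
    return a[0] <= b[1] and b[0] <= a[1]

def consolidate(forwards, alias_prefix="Vendor"):
    """Return (aliases, rules, conflicts) with one alias-sourced rule per forward target."""
    groups = defaultdict(set)
    for fw in forwards:
        # strict=True rejects typos and entries with host bits set (e.g. 10.0.0.1/24)
        src = ipaddress.ip_network(fw["src"], strict=True)
        if src.prefixlen == 0:
            raise ValueError("source 'any' defeats the purpose of restricting the forward")
        groups[(fw["iface"], fw["proto"], tuple(fw["ports"]), fw["target"])].add(src)

    aliases, rules = {}, []
    for n, (key, sources) in enumerate(sorted(groups.items(), key=lambda kv: kv[0]), start=1):
        iface, proto, ports, target = key
        name = f"{alias_prefix}{n}"
        ordered = sorted(sources, key=lambda s: (s.version, int(s.network_address), s.prefixlen))
        aliases[name] = [str(s.network_address) if s.num_addresses == 1 else str(s) for s in ordered]
        rules.append({"iface": iface, "proto": proto, "src": name, "ports": ports, "target": target})

    # Rules that would still collide on the same interface/protocol port range
    conflicts = [
        (a["src"], b["src"])
        for i, a in enumerate(rules) for b in rules[i + 1:]
        if (a["iface"], a["proto"]) == (b["iface"], b["proto"]) and ranges_overlap(a["ports"], b["ports"])
    ]
    return aliases, rules, conflicts

if __name__ == "__main__":
    aliases, rules, conflicts = consolidate(LEGACY_FORWARDS)
    print(aliases, rules, conflicts, sep="\n")
```

Each returned alias maps to one Firewall IP Alias and each rule to one port forward that uses it as the source; any pair listed in `conflicts` needs its port ranges separated before both can be saved.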




