Netgate Discussion Forum

    From NAT+proxy to PureNAT and interface rules

    Firewalling
    1 Posts 1 Posters 829 Views
      jarno

      Hi,

      For many years we have been using pfSense and always used NAT + proxy. When the new GUI was released in pfSense, the NAT + proxy mode worked differently and was not reliable anymore. A few weeks ago we updated our pfSense again after a long while and found out that some functions still work but some don't. After browsing the forum and reading a lot of topics we discovered that the proxy helper is a bad solution and the advice is to use split DNS or Pure NAT. Split DNS is not a good solution because we have hundreds of domain names and DNS records. So we changed NAT + proxy to Pure NAT. Everything seems to work fine, except the following.

      For example: our WAN has IP address 8.8.8.8/29, our LAN 192.168.1.x, OPT1 10.100.10.x.
      We have a NAT rule for dnsname.com with IP address 8.8.8.10 which forwards to 192.168.1.20.
      Because we don't want access from OPT1 to the internal LAN, we block everything from OPT1 to LAN.
      When we try to connect from OPT1 to dnsname.com we need to create a firewall rule to allow traffic from OPT1 to 192.168.1.20 (or the whole network).
      But that means that for every domain name/public IP address we have to create a rule with the internal IP address of the web server in the OPT1 network?!

      Is there a way that the rules on the WAN are also automatically applied to OPT1 <-> LAN?

      Thanks in advance for any reply!

      Regards!

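The behaviour the post runs into follows from the order pfSense applies things: translation happens before filtering, so a connection from OPT1 to dnsname.com that Pure NAT reflects is matched by the OPT1 rules against the translated destination (192.168.1.20 and the local port), not against the public address. The "Filter rule association" on a port forward only creates a rule on the WAN interface. The usual way to avoid one OPT1 rule per forward is a single OPT1 pass rule whose destination is an alias containing every forward target, kept in step with the port-forward list. The script below is an added example written for this page, not code from pfSense or from the poster: it reads the <nat> section of a config.xml, drops disabled forwards, emits a host alias in the shape pfSense stores under <aliases> (element names such as target, local-port, address and detail are taken from the config format as an assumption, not verified against a live box), and answers the question "would this reflected connection be delivered by a forward?", which is exactly the set of destinations a tight OPT1 rule should cover. The XML in SAMPLE_CONFIG is constructed to mirror the post's 8.8.8.8/29 WAN and 192.168.1.x LAN.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of pfSense's config.xml <nat> section.
# Element names follow pfSense's config format (an assumption for this example);
# the addresses mirror the post's 8.8.8.8/29 WAN and 192.168.1.x LAN.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <nat>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>8.8.8.10</address><port>443</port></destination>
      <target>192.168.1.20</target><local-port>443</local-port>
      <natreflection>purenat</natreflection>
      <descr>dnsname.com https</descr>
    </rule>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>8.8.8.10</address><port>80</port></destination>
      <target>192.168.1.20</target><local-port>80</local-port>
      <descr>dnsname.com http</descr>
    </rule>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>8.8.8.11</address><port>443</port></destination>
      <target>192.168.1.21</target><local-port>8443</local-port>
      <descr>other.example https, non-standard internal port</descr>
    </rule>
    <rule>
      <disabled/>
      <interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>8.8.8.12</address><port>22</port></destination>
      <target>192.168.1.30</target><local-port>22</local-port>
      <descr>disabled forward, must not be allowed from OPT1</descr>
    </rule>
  </nat>
</pfsense>
"""


def load_port_forwards(config_xml, interface="wan"):
    """Enabled port-forward rules bound to `interface`, as plain dicts."""
    root = ET.fromstring(config_xml)
    forwards = []
    for rule in root.findall("./nat/rule"):
        if rule.find("disabled") is not None:
            continue  # a disabled forward is not reflected, so it must not be allowed either
        if rule.findtext("interface") != interface:
            continue
        public_port = rule.findtext("destination/port")
        forwards.append({
            "public_ip": rule.findtext("destination/address"),
            "public_port": public_port,
            "proto": (rule.findtext("protocol") or "tcp").lower(),
            "target": rule.findtext("target"),
            # without an explicit local port the public port is used unchanged
            "local_port": rule.findtext("local-port") or public_port,
            "descr": rule.findtext("descr") or "",
        })
    return forwards


def forward_targets(forwards):
    """Distinct internal hosts in rule order, each with the first description seen."""
    seen = {}
    for f in forwards:
        seen.setdefault(f["target"], f["descr"])
    return list(seen.items())


def forward_ports(forwards):
    """Distinct local ports (strings, ranges allowed) the forwards deliver to."""
    return sorted({f["local_port"] for f in forwards},
                  key=lambda p: int(p.split("-")[0]))


def render_host_alias(forwards, name="NAT_TARGETS"):
    """Host alias as pfSense stores it: space-separated addresses and
    '||'-separated per-entry details (storage format assumed)."""
    targets = forward_targets(forwards)
    alias = ET.Element("alias")
    ET.SubElement(alias, "name").text = name
    ET.SubElement(alias, "type").text = "host"
    ET.SubElement(alias, "address").text = " ".join(ip for ip, _ in targets)
    ET.SubElement(alias, "descr").text = "Internal targets of WAN port forwards"
    ET.SubElement(alias, "detail").text = "||".join(d or ip for ip, d in targets)
    return ET.tostring(alias, encoding="unicode")


def _port_matches(spec, port):
    """True if `port` falls in a pfSense port spec such as '443' or '8000-8010'."""
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-", 1))
        return lo <= int(port) <= hi
    return int(spec) == int(port)


def reflected_hit_allowed(forwards, dst_ip, proto, dst_port):
    """Would a connection that, after reflection, is headed for dst_ip:dst_port
    be delivered by an enabled forward? Note the check is against the internal
    target and local port: that is what the OPT1 rules see, not the public tuple."""
    return any(f["target"] == dst_ip and f["proto"] == proto
               and _port_matches(f["local_port"], dst_port) for f in forwards)


if __name__ == "__main__":
    fw = load_port_forwards(SAMPLE_CONFIG)
    print(render_host_alias(fw))
    print("OPT1 pass rule: proto tcp, dest NAT_TARGETS, ports", ", ".join(forward_ports(fw)))
```

The third sample forward shows the trap worth checking for: OPT1 clients connect to 8.8.8.11:443, but after reflection the OPT1 rule sees 192.168.1.21:8443, so a rule written for port 443 would not match. Loading the generated alias into Firewall > Aliases (by hand, or via a URL Table alias served from an internal host) and adding one OPT1 rule "pass tcp from OPT1 net to NAT_TARGETS, ports from the port alias" replaces the per-domain rules; regenerate the alias whenever a forward is added or removed, since the reflection rules change with the forwards while the OPT1 pass rule does not.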
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.