[Feature Request] Scheduled NAT

  • So I'm not sure if this is the right sub-forum, but basically I'd like to request this feature as it would help me out a lot.

    I see that pfSense currently has the capability to apply firewall rules on a schedule, which is great. However, I wonder whether this functionality could also be extended to NAT?

    What I'd like to be able to do is to forward certain ports to different IPs at different times. Kind of a time-share for public-facing ports.

    One example use-case for this would be renewal of Let's Encrypt certs. Currently, I use Let's Encrypt to provision certificates for pfSense, Mail-in-a-Box and Open Media Vault, which all reside behind a single public IPv4 address. (There may even be more services in future). All of these require port 80 to be publicly accessible. The initial setup is relatively straightforward, as I can just manually forward the port to the appropriate internal IP, but where things get tricky is the automatic renewal.

    If I could set pfSense to forward the ports on a schedule matching the renewal cycles for the different certs, each one could have the port forwarded at the time it's needed, and only for that time period. The port could be closed the rest of the time, or used for something else.

    Is there any chance of this being implemented at some point in the future?

  • Rebel Alliance Developer Netgate

    Unlikely, and there is probably a better way to implement what you're after that doesn't require using port 80, such as using HAProxy and ACLs to determine how to route the requests.
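
One reading of the HAProxy suggestion above, as an added example that is not from either poster or from the pfSense project: a single listener that routes Let's Encrypt HTTP-01 validation requests by Host header, so no NAT rule has to change on a schedule. The hostnames, internal addresses and backend names are constructed placeholders, and the sketch assumes HTTP-01 validation for the two internal services only.

```haproxy
# Added example: hostnames, addresses and names below are placeholders.
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend acme_http
    bind :80
    # Match only ACME HTTP-01 validation paths.
    acl is_acme   path_beg /.well-known/acme-challenge/
    # One ACL per internal service, keyed on the requested hostname.
    acl host_mail hdr(host) -i mail.example.com
    acl host_omv  hdr(host) -i omv.example.com

    # Anything that is not a validation request is refused (403),
    # so the open port exposes nothing else from the internal hosts.
    http-request deny unless is_acme

    use_backend be_mail if host_mail
    use_backend be_omv  if host_omv
    default_backend be_none

backend be_mail
    # Mail-in-a-Box (placeholder address)
    server miab 10.0.0.10:80

backend be_omv
    # Open Media Vault (placeholder address)
    server omv 10.0.0.20:80

backend be_none
    # No servers defined: unmatched Host headers receive a 503 from HAProxy.
```

With this in place each internal host can renew on its own timer, because the challenge request is routed by name rather than by whichever port forward happens to be active.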
