Nikin last edited by
I have network with two external IP adresses on one physical port. Second ip was added as virtual IP for WAN. PfSense is used as gateway/router/dhcp/dns and has ip 192.168.60.191.
There is a server (192.168.60.250) in LAN for which second ip was get. Server will be used with rdp, ssh, telnet, etc. My job is to forward all ports to the external ip.
LAN and 2nd WAN ip are connected via 1:1, but ports are closed. Tryied to solve the problem by making rule in port forwarding: [ WAN TCP/UDP source:192.168.60.250 1-65535 dest:ext_ip 1-65535 nat_ip:192.168.60.191 1-65535 ] Ports didnt open.
Some guides told to make aliases, rule changed to [ WAN TCP/UDP source:Alias"server"(192.168.60.250) Alias"all ports"(1-65535) dest:ext_ip "all ports" nat_ip:192.168.60.191 "all ports"], but nothing changed. What am i doing wrong?
Sorry my bad english, not native language
viragomann last edited by
A 1:1 NAT rule doesn't open any port.
If you use 1:1 set up firewall rules in addition to open ports. For instance if you want to allow SSH from anywhere to 192.168.60.250 add a rule to WAN interface:
Destination: "Single host or alias" 192.168.60.250
Destination port range: SSH
If you want to open multiple ports to the same destination it's recommended to set up a Port alias in Firewall > Aliases > Ports and use this one in the firewall rule. Consider to set the protocol to "TCP/UDP" in this case.
magrw2066 last edited by
So to comprehend this,(Nat 1:1)the "external ip" would be like a ldap dn , "something reserved for broadcast' or say 18.104.22.168 (Google dns).
"Destination ip" is the private actual up address of the true provider.
The third field (network) is what a packet to the public address should be forwarded to( the packet is not of that subnet though)?