Port forward for both LAN and WAN in one rule



  • Let's say the WAN IP of pfSense is 172.217.2.35 and the LAN IP of pfSense is 192.168.0.1
    I have two PCs behind pfSense:
    PC1's LAN IP: 192.168.0.100;
    PC2's LAN IP: 192.168.0.101;
    I have one more PC (PC3) outside the LAN whose IP is 52.84.122.57
    PC1 is running an SSH Server on port 22. I added an NAT rule like this:

    After applying the above-mentioned rule, I can access PC1 using the following command at PC3:
    ssh admin@172.217.2.35 -p 22
    However, this command wouldn't work on PC2. I think it is because both PC1 and PC2 are in the same LAN and thus the rule somehow doesn't apply.

    So I tried to create a second rule:

    Now both PC2 and PC3 work.

    But I think this setting is a little bit awkward. Would there be any possibility that I can combine these two rules into one? (as I remember Sophos' UTM allows users to apply one rule to both interfaces, but it appears that pfSense doesn't work this way and one rule can only apply to either WAN or LAN?)

    Thanks~





  • it works! Thanks anyway.