1:1 NAT with WAN interface IP



  • Hello,
    I'm using pfSense as a "simple" failover and load balance appliance. I have two DSL connections from different ISPs. Each connection is connected (with the ISP's router) in 1:1 with the WAN and OPT1 interfaces. I have only a single static IP on each connection. I've set 1:1 NAT for the OPT1 interface without any problem, but I can't do this on the WAN interface. On my WAN interface I have 192.168.0.2 as IP (gateway 192.168.0.105). I need to make a 1:1 NAT of this IP to an internal IP. Currently I've created a port forwarding for 1-65535 and I've set the static port option in outbound NAT, but I don't know if this is correct.

    Thank you



  • Yes, you cannot use multiple 1:1 NAT forwards (which makes sense if you think about it).

    Forwarding 1-65535 two times and setting the static port option is a solution.

    However, since I'm not a fan of 1:1, forwarding 1-65535 seems a bit of overkill to me.
    You just allow single ports with the firewall?
    Why don't you create an alias containing all the ports you want to forward,
    and then use this alias in the port forward rule and in the firewall rule?

    If you want to add a port to the allowed list, you just have to change this alias.
    (And you don't even forward all ports by default.)



  • Hello,
    thank you for your reply... Actually I'm using this configuration because all the traffic will come into another firewall on which I manage the right port forwardings (if I add to pfSense only the port forwardings that I need, I will need to configure this also when I need a new rule)... If you are thinking that this is useless, you're right, but I'm using this configuration because I need the two WAN connections and currently I'm not ready to change the other firewall (because it is also a mail gateway with antispam and antivirus)... I know the spamd package, but as I read on the forum there are some problems with it (and currently I manage 200 mailboxes in 5/6 domains)... I think that a better solution would be to use bridged mode between the firewall and pfSense... but I have no idea how I can do this with the two LAN connections... and I don't know if in bridged mode I'll be able to load balance the two WAN connections... My actual IP configuration is:

    PublicIP 1 --> DSL ROUTER (192.168.2.1) --> WAN PFSENSE (192.168.2.2) --> LAN PFSENSE (192.168.3.1) --> My old Firewall (192.168.3.2)
                                                                                                                            ^
    PublicIP 2 --> DSL ROUTER (192.168.0.105) --> OPT PFSENSE (192.168.0.2) ------------|
    NOTE: FOR THIS CONNECTION (PUBLIC IP2) I CAN'T ACCESS/MANAGE THE ROUTER THAT IS PROVIDED BY THE ISP... They've configured a 1:1 NAT on 192.168.0.2 for the incoming IP.

    Thank you for your time...

