Netgate Discussion Forum

Difference between NAT (port forward) and just open a port

  • P
    Panja
    last edited by Panja Sep 18, 2019, 8:53 AM Sep 18, 2019, 8:48 AM

    Probably a n00b question but hopefully someone is willing to help me out. ✌

    The following scenario:
    I have a web server on my LAN and I want to expose my websites to the public through port 80 and 443.

    Do I need to create a NAT rule and Port Forward (80 & 443) to my server's LAN IP?
    Or do I just create a WAN firewall rule and open port 80 & 443 to my server's LAN IP?

    What's the difference?
    As far as I can see when creating a NAT rule (Port Forward) there is automatically a WAN rule created for this so why not just only create the WAN rule instead of NAT?

    • K
      kiokoman LAYER 8
      last edited by kiokoman Sep 18, 2019, 9:16 AM Sep 18, 2019, 9:14 AM

      You need to create a NAT rule and Port Forward (80 & 443) to your server's LAN IP.
      If you just open the port, it will be open for the firewall itself.
      Long story short, you open the port in the firewall and then you tell the firewall to forward the incoming traffic to your internal LAN.

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      • P
        Panja
        last edited by Sep 18, 2019, 9:30 AM

        @kiokoman

        Many thanks! That explains a lot.

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Sep 18, 2019, 9:34 AM

          @Panja said in Difference between NAT (port forward) and just open a port:

          there is automatically a WAN rule created for this

          You would be surprised at how many users change that default of it creating the WAN rule for them and then wonder why port forwarding doesn't work.

          The NAT/port forward rules are evaluated before the firewall rules. But without the firewall rule the traffic would not be allowed. So yes, you need both.

          Now if you had a routed space behind pfSense that was not natted, then just the firewall rule would be enough. Say in the case of IPv6 - you don't need to do NAT, just the rule allowing the traffic to the IP.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
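
The two answers above, written out as a hand-written ruleset in FreeBSD pf syntax (the packet filter pfSense is built on). This is an added example, not part of the thread and not the rules pfSense generates; the interface name and all addresses are assumptions taken from documentation ranges.

```conf
# Constructed example: interface name and addresses are assumptions.
wan_if  = "em0"
wan_ip  = "203.0.113.10"        # public address on the WAN interface
web_srv = "192.168.1.10"        # web server on the NATed LAN
web_v6  = "2001:db8:0:10::10"   # web server on a routed (non-NAT) IPv6 segment

# --- Translation: evaluated BEFORE the filter rules ---------------------
# Port forward: rewrite the destination of inbound web traffic from the
# WAN address to the server's LAN address.
rdr on $wan_if inet proto tcp from any to $wan_ip port { 80, 443 } -> $web_srv

# --- Filtering ----------------------------------------------------------
# Default: drop and log everything arriving on WAN.
block in log on $wan_if all

# The rule that goes with the port forward. Because rdr already ran, the
# filter sees the translated destination, so this rule matches the LAN IP,
# not the WAN IP. Without this rule the forwarded traffic hits the block
# rule above and the port forward appears "not to work".
pass in quick on $wan_if inet proto tcp from any to $web_srv \
    port { 80, 443 } flags S/SA keep state

# A pass rule on its own, with no rdr, changes nothing about where the
# packet is delivered: its destination is still the firewall's own WAN
# address, so a rule like the one below only exposes the firewall itself.
# pass in quick on $wan_if inet proto tcp from any to $wan_ip port { 80, 443 }

# Routed case (e.g. IPv6): the server's address is reachable as-is, there
# is nothing to translate, and a filter rule alone is enough.
pass in quick on $wan_if inet6 proto tcp from any to $web_v6 \
    port { 80, 443 } flags S/SA keep state
```

When auditing an exposed service, check that each inbound pass rule is scoped to the translated host and ports of its port forward rather than to `any`, so the WAN rule does not allow more than the forward delivers.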

          • P
            Panja
            last edited by Sep 18, 2019, 9:38 AM

            @johnpoz
            I see. Thanks for your help as well! Appreciated.
