Port forwarding to an Alias of IPs, but only one active at a time



  • I have a device with both wifi and ethernet. I have static DHCP entries for both MAC addresses. At any given time, only one of the device's interfaces will be active. If I plug in an ethernet cable, it drops the wifi connection and DHCP's itself on the wired connection, if I unplug the cable, it does the reverse. The wifi network it joins and the wired network it joins are always on the same VLAN

    What I would like is to treat this device as a single entity in pfSense. I have a Port Forwarding entry for it and a Firewall rules for it. What I'm doing right now is using an Alias that I manually put one or the other IP in. The device is mostly on wifi, but occasionally I want to troubleshoot and I plug it in to a Ethernet.

    If I put both entries in the Alias, I'm confident the Firewall rules will work, but I don't know how the Port Forwarding rule could work. It shouldn't be possible to forward external port 12345 to two different internal IPs, right?


  • LAYER 8 Global Moderator

    @gertty said in Port forwarding to an Alias of IPs, but only one active at a time:

    It shouldn't be possible to forward external port 12345 to two different internal IPs, right?

    It's not.. Prob the simplest solution would be to have 2 port forwards.. And just enable the one you want to use at the time..



  • It's not.. Prob the simplest solution would be to have 2 port forwards.. And just enable the one you want to use at the time..

    Thanks for the reply. I've already got a switch on/off solution, I keep an Alias everywhere then just swap out which single IP it contains.

    But the Web UI does let me enter an Alias for Redirect target IP and save it that way, even if the Alias has two IPs in it. I was posting to find out what actually happens on the box when I do that and hoping it was maybe something magic like "only forward to whichever one is active"


  • LAYER 8 Global Moderator

    Nope no magic there - I would assume it just takes the first IP it finds in the alias.


Log in to reply