1:1 NAT and Multiple Public IPs



  • Hello, Tomorrow I am going into my colo datacenter to install a pfSense firewall box.  I want to setup the the firewall to use 1:1 NAT on four servers.  I have 16 public IPs so that shouldn't be a problem.  I have never used pfSense before, so, the question is, can I do this easily through the web interface.  Should I just be able to alias more IPs to the public facing interface and then be able to 1:1 NAT them.  I was reading these forums and it looks like I may have to do the alias by hand with ifconfig.  I am an experianced *NIX user, so I can do that, but it would be nice if I could easily configure this via the web interface.  Do you have any good tips to help me get through this quickly, perhaps a walkthrough.  We want minimal downtime.  Thanks!



    • Add virtual IPs for all your additional IPs (I suggest using CARP, this way you can add another machine for failover later easily)
    • Add 1:1 NATs between the virtual IPs and your internal IPs
    • Add firewallrules to allow traffic (destination is your internal IP as nat is applied first and firewallrules are matched after natting)


  • I had same problem, to map multiple WAN IP's to internal LAN/DMZ IPs. Example: 212.xx.xx.xx => 10.xx.xx.xx

    First I make Virtual IPs for every of my external IP (212.xx.xx.xx.) but it was not possible to use NAT 1:1 settings!
    You have to use "NAT Port Forward" insted. In the "External address" drop down you will see all your Virtual IPs and you can easy map them to your internal IPs and choose desired ports/ranges.


Log in to reply