Netgate Discussion Forum

    NAT rule

      bigunit99

      Hi Guys,

      AWS pfSense running with 2 NICs, internal and external.

      Port forwards work OK, but

      I need to have my AWS security group wide open to my destination servers (web, mail etc. for port forwards to work), as the source shows the external IP the request is originally coming from, not the pfSense box as I would have expected?

      Any assistance or guidance would be great.

      Cheers !

        viragomann @bigunit99

        @bigunit99
        Basically pfSense applies a NAT rule on outbound traffic automatically if there is a gateway stated on the outgoing interface.
        So check the WAN interface settings if the gateway is there. Assuming your WAN has a static IP.

          bigunit99

          No, sorry, I'm speaking of NAT port forwarding rules from ext to int.

            viragomann @bigunit99

            @bigunit99
            I see, but it’s usually desired to see the origin IP address, to know where the request is coming from.

            However, if you don’t care about that you can also masquerade inbound traffic by an outbound NAT rule. You have to add it manually though.

            To do so, switch over the outbound NAT to hybrid mode. Then add a rule:
            Interface: LAN
            Protocol: TCP or whatever you need
            Source: any
            Destination: LAN net or an alias which includes the desired IPs
            Destination port: any or an alias which includes the ports you need
            Translation: interface address

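Added example, not part of the original posts: a small Python model of the behaviour discussed in this thread. It shows why a port forward alone leaves the client address as the source the security group evaluates, and how the manual outbound NAT rule on LAN changes that source to the pfSense LAN address. All addresses, names and the simplified security-group check are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Constructed sample addresses (assumptions, not taken from the thread).
CLIENT = "203.0.113.50"     # internet client
PFSENSE_WAN = "10.0.0.10"   # pfSense external NIC
PFSENSE_LAN = "10.0.1.10"   # pfSense internal NIC
WEB_SERVER = "10.0.1.20"    # port-forward target
LAN_NET = "10.0.1.0/24"

def port_forward(pkt):
    """Inbound port forward: rewrites the destination only."""
    if pkt.dst == PFSENSE_WAN and pkt.dport == 443:
        return replace(pkt, dst=WEB_SERVER)
    return pkt

def outbound_nat_on_lan(pkt):
    """Rule from the answer: interface LAN, source any,
    destination LAN net, translation = interface address."""
    if ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(LAN_NET):
        return replace(pkt, src=PFSENSE_LAN)
    return pkt

def sg_allows(pkt, allowed_cidrs, port=443):
    """Simplified security-group ingress check on the destination server."""
    src = ipaddress.ip_address(pkt.src)
    return pkt.dport == port and any(
        src in ipaddress.ip_network(c) for c in allowed_cidrs)

def deliver(masquerade):
    """Packet as it reaches the server, with or without the LAN NAT rule."""
    pkt = port_forward(Packet(CLIENT, PFSENSE_WAN, 443))
    return outbound_nat_on_lan(pkt) if masquerade else pkt

TIGHT_SG = [PFSENSE_LAN + "/32"]   # only the firewall may connect
OPEN_SG = ["0.0.0.0/0"]            # "wide open"

if __name__ == "__main__":
    for masq in (False, True):
        pkt = deliver(masq)
        print(f"masquerade={masq}: server sees src={pkt.src} "
              f"tight_sg={sg_allows(pkt, TIGHT_SG)} "
              f"open_sg={sg_allows(pkt, OPEN_SG)}")
```

With the rule in place the security group can be limited to the firewall's LAN address, but the server's logs then record that address for every request instead of the origin IP.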