Automatic Mirror NAT/Rules across multiple WANs



  • I'd like to have most/all of the rules I create for one WAN connection sync to my other WAN connection. Or just set each rule during creation to apply to both WANs instead of just one. Is this possible?

    Example: Two internet connections (1 cable and 1 DSL). In order to connect to the computers/servers inside the router from the internet, I must create identical NAT port forwarding rules for each connection so that in case one connection goes down, I can still access everything through the other. Also, failover and DDNS are set up so that if either goes down, my DDNS provider will be updated to use the working connection. Is there an easier way to sync the rules between WANs?
    Thanks all!



  • Anyone?



  • Use aliases.
    Create an alias containing all the ports you want to forward.

    Then create a NAT rule with this alias as the inbound/destination port.
    Create a rule for each WAN.
    The autocreated rule for the WAN uses this alias as well.

    Now if you ever want to change anything, you just have to change the alias.

    The DNS failover part is not possible with pfSense itself.
    However, what you can do:
    Install the client to update the dynDNS entry on the server itself.
    Let the server check every minute or so whether its IP changed.
    Have the outbound traffic of the server in a separate failover pool.
    Now if the primary WAN fails, the server will notice within one minute that its IP changed and update that with dynDNS.
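
The once-a-minute check described in the reply above, as an added example that is not part of the thread and is not pfSense or any DDNS vendor's code. The lookup URL, update URL, its `hostname`/`myip` query parameters, the hostname and the file paths are placeholder assumptions to be replaced with your provider's documented values.

```shell
#!/bin/sh
# Added example (not from the thread). All endpoints and paths are placeholders.
STATE_FILE="${STATE_FILE:-/var/tmp/ddns_last_ip}"           # last address published
DDNS_HOST="${DDNS_HOST:-host.example.com}"                  # placeholder hostname
LOOKUP_URL="${LOOKUP_URL:-https://ip.example.net/}"         # placeholder "what is my IP" service
UPDATE_URL="${UPDATE_URL:-https://ddns.example.net/update}" # placeholder provider endpoint

# Ask an external service which public address our outbound traffic leaves from.
lookup_ip() {
    curl -fsS --max-time 10 "$LOOKUP_URL"
}

# Publish the new address. Credentials live in a root-only netrc file (assumed path),
# not on the command line where other local users could read them from the process list.
send_update() {
    curl -fsS --max-time 10 --netrc-file /etc/ddns.netrc \
        "$UPDATE_URL?hostname=$DDNS_HOST&myip=$1" >/dev/null
}

# Accept only a dotted-quad IPv4 string; an error page or empty reply is rejected,
# so a bad lookup during the failover window never reaches the DNS record.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# One polling pass: 0 = updated, 1 = unchanged, 2 = lookup failed, 3 = update failed.
check_once() {
    current=$(lookup_ip 2>/dev/null) || return 2
    valid_ipv4 "$current" || return 2
    last=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$current" = "$last" ] && return 1
    send_update "$current" || return 3
    # Record the address only after the provider accepted it,
    # so a failed update is retried on the next pass.
    printf '%s\n' "$current" > "$STATE_FILE"
    return 0
}

# From cron, once a minute:  * * * * * /usr/local/bin/ddns-check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_once
fi
```

Because the state file is written only after a successful update, a lookup or update that fails while the primary WAN is dropping leaves the old record in place and the change is picked up on the next pass.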

