Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Interface group and port forward multiple ports

    Scheduled Pinned Locked Moved
    NAT
    2
    5
    201
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Conjurer
      last edited by

      Hi,

      I have multiple VLANs for which I have configured multiple port forward rules. It is redirecting all non-local DNS and NTP lookups to 127.0.0.1.
      4d16bd03-c1bd-4c5b-ace1-8e55fb204733-image.png

      In the picture above four rules for two VLANs are shown, but I have more (rules and VLANs). For every VLAN is have two rules. Now I'm rewriting my config to a new unit and thought, maybe I can do this more efficiently. I've come up with the following rule:

      0416c065-9b21-46d7-8473-3180aecdc06d-image.png

      IG_PortForward (which is an interface group) contains interfaces 05_VL10_MGMT, 05_VL20_DMZ and all other VLANs for which I want to redirect DNS and NTP traffic to 127.0.0.1.
      NAT_PortForward_IP_Ranges contains the network ranges (/24) of the VLANs that are present in interface group IG_PortForward.
      NAT_PortForward_Ports contains ports 53 (DNS), and 123 (NTP).

      Would this work?

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @Conjurer
        last edited by

        @Conjurer
        Yes, should work.
        However, I would use 'any' for the the destination address.

        C 1 Reply Last reply Reply Quote 1
        • C
          Conjurer @viragomann
          last edited by

          @viragomann
          Thank you for your answer.

          Like so?
          43ce1fbb-b5cc-48d3-bab1-460cb6944455-image.png

          I guess that makes more sense, as any destination should be redirected to 127.0.0.1.

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @Conjurer
            last edited by

            @Conjurer
            Yes, I'm using very similar rules, but for other purposes.

            C 1 Reply Last reply Reply Quote 0
            • C
              Conjurer @viragomann
              last edited by

              @viragomann
              Cool! Thanks for the suggestion.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post