Netgate Discussion Forum

    How to multi-forward with multi WAN?

    Routing and Multi WAN
      StefanKittel

      Hello,
      I currently have a pfSense running with about 12 WAN lines and 40 LAN clients in different VLANs.
      I need port forwarding of a single, different TCP port for each client and for each WAN line.

      The ports will be used for https, smtp, imap, rdp and some other traffic.

      The WAN lines are simple routers like FRITZ!Box with VDSL 25 Mbit.
      More is not possible at this location.

      Each FB forwards all ports to the pfsense (exposed host).

      Currently there are 40 rules to forward one port each to a client.
      If a WAN line fails, I need to reconfigure the interface for this rule.

      If I want to forward each of the 40 ports on each WAN interface, there would be 480 rules.
      In pfSense you can't forward for any interface. You need to specify the interface (WAN1, WAN2, etc).

      Can I forward all ports for each WAN interface (12 rules) to a virtual interface and from there to each client (40 rules)?
      That would be much easier.

      Currently
      WAN1:8001 -> 192.168.178.50:443
      WAN2:8001 -> 192.168.178.50:443
      WAN3:8001 -> 192.168.178.50:443
      WAN2:8002 -> 192.168.178.60:443
      WAN3:8003 -> 192.168.178.66:443

      Wanted
      WAN1:* -> 10.250.0.1:*
      WAN2:* -> 10.250.0.1:*
      WAN3:* -> 10.250.0.1:*

      10.250.0.1:8001 -> 192.168.178.50:443
      10.250.0.1:8002 -> 192.168.178.60:443
      10.250.0.1:8003 -> 192.168.178.66:443

      Thanks

      Stefan

        viragomann @StefanKittel

        @StefanKittel said in How to multi-forward with multi WAN?:

        I have a current pfsense running with about 12 WAN-lines

        Wow! (?)

        Can I forward all ports for each WAN interface (12 rules) to a virtual interface and from there to each client (40 rules)?
        That would be much easier.

        No, not in this way, with the virtual IP on pfSense. Port forwarding is applied as the first step to incoming packets on an interface. So if the packet doesn't enter an interface, no port forwarding rule is applied at all.

        Refer to Ordering of NAT and Firewall Processing.

        What you could do to simplify the rules is proxy the traffic using HAProxy.
        So you can configure frontends (maybe TCP mode), one for each port, listening on any IP, say localhost. And forward traffic from all interfaces to localhost.
        You will need a separate rule for each non-contiguous port range though; however, it should be possible to do this with a single rule for each port on interface groups (all WANs).

        But I'm not sure if this will also work in transparent mode; otherwise you will lose client information of non-HTTP traffic.

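The HAProxy layout suggested in the reply above (one TCP-mode frontend per port, bound to localhost), sketched as an added example that is not part of either post: a small generator that turns the port table from the question into configuration text. The section names `fe_*`, `be_*`, `client_*`, the timeout values and the use of a stand-alone haproxy.cfg are assumptions made for illustration.

```python
"""Render HAProxy TCP frontends/backends from a port-forward table (added example)."""
import ipaddress

# Constructed sample table using the three forwards listed in the question:
# listen port -> (client IP, client port)
FORWARDS = {
    8001: ("192.168.178.50", 443),
    8002: ("192.168.178.60", 443),
    8003: ("192.168.178.66", 443),
}

# Assumed defaults; the timeout values are illustrative only.
DEFAULTS = """defaults
    mode tcp
    timeout connect 5s
    timeout client  1m
    timeout server  1m
"""

def validate(forwards):
    """Reject bad ports or addresses before anything is rendered."""
    for listen_port, (host, port) in forwards.items():
        for p in (listen_port, port):
            if not isinstance(p, int) or not 1 <= p <= 65535:
                raise ValueError(f"invalid port {p!r}")
        ipaddress.ip_address(host)  # raises ValueError on a malformed address

def render(forwards, bind_ip="127.0.0.1"):
    """Return config text: one TCP frontend and backend per listen port."""
    validate(forwards)
    parts = [DEFAULTS]
    for listen_port, (host, port) in sorted(forwards.items()):
        # fe_/be_/client_ names are hypothetical labels, not pfSense defaults.
        parts.append(
            f"frontend fe_{listen_port}\n"
            f"    bind {bind_ip}:{listen_port}\n"
            f"    default_backend be_{listen_port}\n\n"
            f"backend be_{listen_port}\n"
            f"    server client_{listen_port} {host}:{port}\n"
        )
    return "\n".join(parts)

def rule_counts(n_wans, n_forwards):
    """NAT rules: one per WAN per port versus one per port on an interface group."""
    return {"per_wan": n_wans * n_forwards, "interface_group": n_forwards}

if __name__ == "__main__":
    print(render(FORWARDS))
```

As rendered, each backend sees the connection coming from the firewall rather than from the remote client, which is the loss of client information the reply mentions for non-transparent proxying.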
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.