Netgate Discussion Forum

    Using firewall aliases outside of firewall rules?

    General pfSense Questions
      tgl

      Hi, noob here setting up a 4200. When I read about firewall aliases I thought that looks great, I can put potentially-changeable IP addresses in just one place. So far it hasn't panned out very well. I can use the aliases I made in actual firewall rules, but I had no luck using them to define virtual IP addresses, nor did they work (as either external or internal addresses) when setting up 1:1 NAT mappings. I can sort of see why they might not work for virtual IP addresses, but why not in NAT mappings? Have I done something wrong? (I defined the aliases as "host" aliases containing single numeric IPv4 addresses.) If it actually doesn't work, could I request consideration of that as a future feature?

      The specific use-case here is that I'd like to have just one place to change when I replace a network-exposed server by another one with a different local IP address. It's great for sure that I won't have to touch all the firewall rules, but I'm not at "just one place" yet.

        SteveITS Galactic Empire @tgl

        @tgl A guideline would be they’re usable any place the alias autocomplete works.

        I’m pretty sure I’ve used an alias in an outbound NAT but I don’t think they’re addable as say the actual VIP. A guess, that’s likely more OS network configuration and not inside pf (the program) where the aliases would be defined.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          stephenw10 Netgate Administrator

          You can always add a feature request here: https://redmine.pfsense.org/

            tgl @stephenw10

            @stephenw10
            OK, done at https://redmine.pfsense.org/issues/15326

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.