Netgate Discussion Forum

Using firewall aliases outside of firewall rules?

  • T
    tgl
    last edited by Mar 9, 2024, 1:02 AM

    Hi, noob here setting up a 4200. When I read about firewall aliases I thought that looks great, I can put potentially-changeable IP addresses in just one place. So far it hasn't panned out very well. I can use the aliases I made in actual firewall rules, but I had no luck using them to define virtual IP addresses, nor did they work (as either external or internal addresses) when setting up 1:1 NAT mappings. I can sort of see why they might not work for virtual IP addresses, but why not in NAT mappings? Have I done something wrong? (I defined the aliases as "host" aliases containing single numeric IPv4 addresses.) If it actually doesn't work, could I request consideration of that as a future feature?

    The specific use-case here is that I'd like to have just one place to change when I replace a network-exposed server by another one with a different local IP address. It's great for sure that I won't have to touch all the firewall rules, but I'm not at "just one place" yet.

    • S
      SteveITS Galactic Empire @tgl
      last edited by Mar 9, 2024, 1:47 AM

      @tgl A guideline would be they’re usable any place the alias autocomplete works.

      I’m pretty sure I’ve used an alias in an outbound NAT but I don’t think they’re addable as say the actual VIP. A guess, that’s likely more OS network configuration and not inside pf (the program) where the aliases would be defined.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • S
        stephenw10 Netgate Administrator
        last edited by Mar 9, 2024, 9:54 PM

        You can always add a feature request here: https://redmine.pfsense.org/

        • T
          tgl @stephenw10
          last edited by Mar 10, 2024, 1:53 AM

          @stephenw10
          OK, done at https://redmine.pfsense.org/issues/15326
