Netgate Discussion Forum

    Using firewall aliases outside of firewall rules?

      tgl

      Hi, noob here setting up a 4200. When I read about firewall aliases I thought that looks great, I can put potentially-changeable IP addresses in just one place. So far it hasn't panned out very well. I can use the aliases I made in actual firewall rules, but I had no luck using them to define virtual IP addresses, nor did they work (as either external or internal addresses) when setting up 1:1 NAT mappings. I can sort of see why they might not work for virtual IP addresses, but why not in NAT mappings? Have I done something wrong? (I defined the aliases as "host" aliases containing single numeric IPv4 addresses.) If it actually doesn't work, could I request consideration of that as a future feature?

      The specific use-case here is that I'd like to have just one place to change when I replace a network-exposed server by another one with a different local IP address. It's great for sure that I won't have to touch all the firewall rules, but I'm not at "just one place" yet.

        SteveITS Rebel Alliance @tgl

        @tgl A guideline would be they’re usable any place the alias autocomplete works.

        I’m pretty sure I’ve used an alias in an outbound NAT but I don’t think they’re addable as say the actual VIP. A guess, that’s likely more OS network configuration and not inside pf (the program) where the aliases would be defined.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

          stephenw10 Netgate Administrator

          You can always add a feature request here: https://redmine.pfsense.org/

            tgl @stephenw10

            @stephenw10
            OK, done at https://redmine.pfsense.org/issues/15326

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.