NAT port forwarding and VIP question

  • i'm currently using monowall and about to replace it with pfsense, i just need the features of pfsense not present on monowall however i have a question though regarding NAT, in my monowall i have a DMZ interface which uses inbound NAT, is this the same as pfsense port forwarding? i also notice that there is no server NAT on the NAT page, where do i enter the values for server NAT? the Virtual IP? i also want to change my current setup and i want to know if it's feasible, currently my public ip is /29 and i'm using two ip's for my two websites and 1 ip for the webmail and plus the ip of pfsense/monowall, what i want to happen is use the public ip of pfsense/monowall as the ip of one of the website we're hosting, is this possible? can port forwarding do it?


  • as additional info/question, in my monowall i use proxy arp when i defined the public ip's in the server NAT page, when i try to create a VIP, i have three choices, proxy arp, carp and other; which one should i use? i don't have failover setup.

  • ServerNAT is 1:1 NAT in pfSense though you also can use a combination ot portforward and advanced outbound nat to do the same. However portforwards support the nat reflection feature if turned on at system>advanced.

    Which type of VIP you use depends on your needs and how your connection is set up. ProxyARP is basically the same type that m0n0 uses. CARP is for redundancy mainly but will work on a single box too. Using it's easier to add failover later. Other is accepting IPs but won't produce Layer2 messages for this IP. This usually works if your provider routes additional IPs to you without the need that the pfSense generates layer2 messages for it.

    If proxyARP worked for you in your previous m0n0 setup go with it.

Log in to reply