Netgate Discussion Forum

Use of aliases for port forwarding

NAT
7 Posts 3 Posters 545 Views
  • L
    lifeboy
    last edited by Feb 13, 2025, 3:24 AM

    I have a setup for a specific service which requires that traffic to a single ip address on different ports be forwarded to different internal addresses on different servers. (Pretty much the point of port-forwarding).

    In order to have a neater set of port-forwarding rules, I have created an alias for each group of ports that must be forwarded to a specific LAN address. For example, these ports are for TCP traffic to server 1.

    d2632610-8eb6-4dae-94bb-43fb3440a22d-image.png

    I have an alias for all the UDP ports and similarly for each other server an alias for the TCP and UDP ports.

    It looks like this:

    e2fa0bd6-dc72-4f91-aa00-63a44e41b4a8-image.png

    My question is: Will this work correctly? In other words, will the alias work in such a way, that traffic for instance to port 443 will be forwarded to port 443, and so for the other ports?

    I'm asking because when we switched to this setup this morning, despite resetting the firewall states, some traffic wasn't flowing. So I created individual rules for each port and about 30 minutes later things seemed to be working. I'm not sure if it's the rules that cause this or if it was something else.

    • S
      SteveITS Rebel Alliance @lifeboy
      last edited by Feb 13, 2025, 3:36 AM

      @lifeboy per https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html#port-forward-settings aliases are allowed as long as it’s the same alias.

      Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
      Upvote 👍 helpful posts!

      • L
        lifeboy @SteveITS
        last edited by lifeboy Feb 13, 2025, 4:02 AM Feb 13, 2025, 3:49 AM

        @SteveITS So I want to be really clear on this: The fact that I have bundled lots of ports together in an alias is fine, as long as I use the same alias in the destination and redirect spec? Like this:

        bb5428b2-5e14-478d-929b-6e6a17b60e14-image.png

        • B
          Bob.Dig LAYER 8 @lifeboy
          last edited by Feb 13, 2025, 10:39 AM

          @lifeboy According to the docs, it should work. But would I count on it? I don't. And the alias for the host is just one single machine? If that is true, it could be a bug, according to the docs...

          • L
            lifeboy @Bob.Dig
            last edited by Feb 13, 2025, 11:12 AM

            @Bob-Dig Yes, the Alias for the host "Hytera3_POC" is a single host with multiple services, each on a different port.

            There are 4 different hosts like this and they all work in terms of port forwarding, except the one that may have had some issues. However, it seems as if the problem only occurs on one type of client device (that consumes these services), so the port forwarding seems not to be a problem.

            • S
              SteveITS Rebel Alliance @lifeboy
              last edited by Feb 13, 2025, 1:11 PM

              @lifeboy I was set to say “no” above but the docs allow it. I’ve rarely had the occasion to try.

              Good find that your issue is tied to the client type. Though, hard to see how. Smells more like a routing or software firewall problem, that’s in the connection path.


              • L
                lifeboy @SteveITS
                last edited by lifeboy Feb 19, 2025, 1:34 PM Feb 19, 2025, 1:33 PM

                @SteveITS What I meant by "one type of client device" is the following:

                The customer has a number of application servers that provide a whole range of services. Their clients have devices that connect to their services. They recently updated their servers to a new major release and it seems the problem is that some clients, running an older version of the client software, were having trouble connecting to the new servers, which it turns out has nothing to do with the port forwarding at all.

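The following is an added example, not part of any post in this thread and not pfSense code. It models the layout discussed above (one external address, one port alias per server and protocol) and checks the rule the linked documentation states, that destination and redirect must use the same alias, and additionally flags ports claimed by two rules. All alias names, rule names and addresses are constructed, and the rule dictionary layout is an assumption made for the sketch.

```python
# Added example: constructed aliases and rules modelled on the thread's layout.
# Port alias entries use pfSense's "low:high" notation for ranges.
ALIASES = {
    "SRV1_TCP": ["443", "8000:8002"],
    "SRV1_UDP": ["5060"],
    "SRV2_TCP": ["8002", "9000"],   # 8002 deliberately overlaps SRV1_TCP
}
RULES = [  # hypothetical rule records, in evaluation order
    {"name": "srv1-tcp", "proto": "tcp", "dest_ports": "SRV1_TCP",
     "redirect_ports": "SRV1_TCP", "target": "10.0.0.11"},
    {"name": "srv1-udp", "proto": "udp", "dest_ports": "SRV1_UDP",
     "redirect_ports": "SRV1_UDP", "target": "10.0.0.11"},
    {"name": "srv2-tcp", "proto": "tcp", "dest_ports": "SRV2_TCP",
     "redirect_ports": "SRV2_TCP", "target": "10.0.0.12"},
    {"name": "srv2-bad", "proto": "udp", "dest_ports": "SRV1_UDP",
     "redirect_ports": "SRV2_TCP", "target": "10.0.0.12"},
]

def expand(alias_entries):
    """Expand port alias entries ("443", "8000:8002") into a set of ints."""
    ports = set()
    for entry in alias_entries:
        lo, _, hi = str(entry).partition(":")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port entry: {entry!r}")
        ports.update(range(lo, hi + 1))
    return ports

def audit(aliases, rules):
    """Return (mappings, problems); mappings is {(proto, port): internal host}."""
    mappings, problems = {}, []
    for r in rules:
        if r["dest_ports"] != r["redirect_ports"]:
            problems.append(f"{r['name']}: destination alias {r['dest_ports']} "
                            f"differs from redirect alias {r['redirect_ports']}")
            continue
        for port in sorted(expand(aliases[r["dest_ports"]])):
            key = (r["proto"], port)
            if key in mappings and mappings[key] != r["target"]:
                problems.append(f"{r['name']}: {r['proto']}/{port} already "
                                f"forwarded to {mappings[key]}")
            else:
                mappings[key] = r["target"]   # same port outside and inside
    return mappings, problems

if __name__ == "__main__":
    _, found = audit(ALIASES, RULES)
    print("\n".join(found) or "no problems")
```

Every port that ends up in `mappings` is reachable from outside, so the same output doubles as a list of exposed services to review against what each server is meant to offer.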
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.