WAN access from inbound [screen shot]



  • I've searched the NAT boards for this as well as the pfSense book, but I can't find any solutions to my problem.

    Here's my situation…

    I've set up a multi-wan with failover with 1 static IP as the WAN interface (T1 connection) and 1 static IP as the OPT1 interface (RoadRunner cable connection).

    I need ALL incoming connections to enter through my WAN connection, to access a static public IP (66.x.x.x)/28 that is mapped to a private address (172.16.x.x) within our internal network. No inbound connections should come through the OPT1, as it is solely intended for web browsing.

    Also, once the inbound traffic can access that IP, is it possible to have them exit the same way they came in?

    Thank you,

    Here's a screen shot.




  • It sounds to me like you shouldn't have configured a multi-WAN failover, but I don't know if it's even relevant to what you're asking here.

    If I understand this setup correctly, your WAN address is 66.x.x.x. That means you need to add 66.y.y.y as a virtual IP, and then use 1:1 NAT for that IP to 172.16.x.x. Once you set that up, you just need to set your firewall rules to allow access to the ports you want open.

    @FSPL:

    Also, once the inbound traffic can access that IP, is it possible to have them exit the same way they came in?

    I don't know what you mean by this exactly. If you want connections that are initiated by 172.16.x.x then you need to set that up in Outbound NAT using AON. You should already be using AON to use the RR connection for web browsing, but it's hard to tell from your diagram because LAN is missing.

