Netgate Discussion Forum

    VIP nat failing for identical services

      rugby

      I created an alias of certain ports. I then created VIPs of some public IP addresses we have. I then went into Firewall-NAT and created port forwards for the aliased ports to the public IP addresses and had them forward to internal IP addresses that have 1-to-1 NAT on them.

      The first one goes just fine, but as soon as I create the second NAT port forward the first one dies and none of them work.  I'm running 1.2.3 full.

      If I'm doing something wrong, what's the best way to have multiple aliased port forwards to public IP addresses go to different machines behind NAT?

      Oh, and I do have the book, it's just not with me tonight.

        jimp Rebel Alliance Developer Netgate

        That isn't doing what you intend, it seems. It's probably trying to forward the same port on those IPs to the same PC behind it, and you can't forward the same port multiple times.

        You'd be better off just doing 1:1 and in that case you do not even need port forward entries at all.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          rugby

          Thanks for the answer.  If I do 1:1 isn't that forwarding ALL ports like in a DMZ?

            jimp Rebel Alliance Developer Netgate

            That is not what a DMZ is, but that is sort of what Linksys and friends call a "DMZ".

            1:1 forwards all ports incoming and also uses that IP for outgoing traffic.

            You can still secure the traffic via firewall rules, so the risk isn't really any greater.

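The 1:1 approach described in the reply above, sketched in hand-written pf.conf syntax as an added example; it is not part of the thread and not the ruleset pfSense generates. The interface name, addresses (documentation ranges) and port list are constructed assumptions.

```pf
# Constructed example: interface name, addresses and ports are assumptions.
ext_if    = "em0"             # WAN interface (assumed name)
vip_a     = "203.0.113.10"    # public VIP for server A (constructed)
vip_b     = "203.0.113.11"    # public VIP for server B (constructed)
srv_a     = "192.168.1.10"    # internal server A (constructed)
srv_b     = "192.168.1.11"    # internal server B (constructed)
svc_ports = "{ 80, 443 }"     # the identical services offered on both hosts

# Translation: one binat per host maps all ports in both directions,
# so inbound traffic to the VIP reaches the host and the host's outbound
# traffic leaves from the same VIP. No rdr (port forward) entries are needed.
binat on $ext_if from $srv_a to any -> $vip_a
binat on $ext_if from $srv_b to any -> $vip_b

# Filtering: translation is applied before the filter rules are evaluated,
# so inbound rules match the internal (post-translation) address.
# Everything not explicitly passed stays blocked, which is what keeps
# 1:1 from exposing every port on the host.
block in log on $ext_if all
pass in on $ext_if proto tcp from any to $srv_a port $svc_ports flags S/SA keep state
pass in on $ext_if proto tcp from any to $srv_b port $svc_ports flags S/SA keep state
```

In the pfSense GUI this corresponds to one 1:1 NAT entry per host plus WAN firewall rules whose destination is the internal address, not the VIP.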
              rugby

              Okay, thanks again for the answer. I'll play with these some more; I have a server to provision in our network here for a client and need to make sure everything works.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.