VIP NAT failing for identical services

  • I created an alias of certain ports. I then created VIPs of some public IP addresses we have. I then went into Firewall-NAT and created port forwards for the aliased ports to the public IP addresses and had them forward to internal IP addresses that have 1-to-1 NAT on them.

    The first one goes just fine, but as soon as I create the second NAT port forward the first one dies and none of them work.  I'm running 1.2.3 full.

    If I'm doing something wrong, what's the best way to have multiple aliased port forwards to public IP addresses go to different machines behind NAT?

    Oh, and I do have the book, it's just not with me tonight.

  • Rebel Alliance Developer Netgate

    That isn't doing what you intend, it seems. It's probably trying to forward the same port on those IPs to the same PC behind it, and you can't forward the same port multiple times.

    You'd be better off just doing 1:1 and in that case you do not even need port forward entries at all.

  • Thanks for the answer. If I do 1:1, isn't that forwarding ALL ports like in a DMZ?

  • Rebel Alliance Developer Netgate

    That is not what a DMZ is, but that is sort of what Linksys and friends call a "DMZ".

    1:1 forwards all ports incoming and also uses that IP for outgoing traffic.

    You can still secure the traffic via firewall rules, so the risk isn't really any greater.

  • Okay, thanks again for the answer. I'll play with these some more; I have a server to provision in our network here for a client and need to make sure everything works.
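
Added example, not part of the thread and not pfSense's generated ruleset: a hand-written pf.conf sketch of the 1:1 setup discussed above, where two public IPs each map to their own internal host and the filter rules, not the NAT mapping, decide which ports are reachable. The interface name, the documentation-range addresses and the port list are assumptions.

```conf
# Constructed pf.conf illustration (older pf syntax with separate
# translation and filter rules). All names and addresses are assumptions,
# not values from the thread.

ext_if    = "em0"              # WAN interface (assumed name)
pub_a     = "203.0.113.10"     # public virtual IP for host A
pub_b     = "203.0.113.11"     # public virtual IP for host B
host_a    = "192.168.1.10"     # internal host A
host_b    = "192.168.1.11"     # internal host B
svc_ports = "{ 80, 443 }"      # plays the role of the port alias

# --- Translation: one binat (1:1) rule per public/internal pair. ---
# Inbound traffic to the public IP is rewritten to the internal host on
# every port; outbound traffic from the host leaves with the public IP.
binat on $ext_if from $host_a to any -> $pub_a
binat on $ext_if from $host_b to any -> $pub_b

# --- Filtering: the mapping alone permits nothing. ---
# Default deny on the WAN side, logged so dropped probes are visible.
block in log on $ext_if all

# Translation is applied before filtering, so the destination in these
# rules is the internal address, not the public one.
pass in on $ext_if proto tcp from any to $host_a port $svc_ports flags S/SA keep state
pass in on $ext_if proto tcp from any to $host_b port $svc_ports flags S/SA keep state

# Let the mapped hosts (and everything else) initiate outbound connections.
pass out on $ext_if keep state
```

Without the two `pass in` rules, the binat mappings exist but every inbound connection hits the block rule. The same port list applies to both hosts without conflict because each host has its own public IP.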
