All ports forwarded to multiple LAN addresses simultaneously w/o using VIP?



  • Hello Everyone,

    I have a block of public IPs routed to our main IP. This is in a data-center. Our main public IP is on a different subnet and range from the block of public IPs that is routed to it.

    I need to use all 65k+ ports for each IP. I want to avoid using Virtual IPs as it seems it gets complicated and I haven't done any virtual IP configurations yet (so best avoid it if possible).

    So, if I do NAT port forward port 80 to let's say 192.168.0.5, can I also port forward port 80 to 192.168.0.9 at the same time? And then I will open those ports to those LAN IPs in the firewall and specify a source IP address of my routed IP.

    So, I guess my question is whether my routed public IPs are considered the source IP in my firewall's source IP address field, or whether the outside IP address is the source IP.

    Thanks,


  • Rebel Alliance Developer Netgate

    In order to do that you must use Virtual IPs.

    You can only forward a specific port once for each available public IP.

    You can add the whole block as "other" type VIPs and then use them in port forwards, or in your case, 1:1 NAT may be better suited if you want to forward "all 65k" ports to specific internal IPs.
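As an added illustration, not taken from any post in this thread, here are the pf rules behind the two approaches described above. Assumed: 203.0.113.0/29 is the routed public block, em0 is the WAN interface, and the rules are hand-written in the style pfSense generates rather than copied from a pfSense installation.

```pf
# Constructed example: 203.0.113.x stands in for the routed public block,
# em0 for the WAN. In pfSense, an "other" type VIP is only a bookkeeping
# entry that lets a routed address appear in NAT rules; it emits no
# interface or ARP configuration of its own.
ext_if = "em0"

# Port forwards: port 80 is forwarded twice, once per public IP.
# The distinct public destination is what keeps the two rdr rules from
# colliding; two rdr rules for port 80 on the same public IP cannot coexist.
rdr on $ext_if proto tcp from any to 203.0.113.1 port 80 -> 192.168.0.5 port 80
rdr on $ext_if proto tcp from any to 203.0.113.2 port 80 -> 192.168.0.9 port 80

# 1:1 NAT: binat maps every port of one public IP to one internal host.
# It is bidirectional, so 192.168.0.12's outbound traffic also leaves as
# 203.0.113.3, unlike rdr, which only translates inbound connections.
binat on $ext_if from 192.168.0.12 to any -> 203.0.113.3

# Translation runs before filtering, so WAN pass rules match the internal
# destination, and the source is the remote client, not the routed public IP.
pass in on $ext_if proto tcp from any to 192.168.0.5  port 80 keep state
pass in on $ext_if proto tcp from any to 192.168.0.9  port 80 keep state
pass in on $ext_if proto tcp from any to 192.168.0.12 port 443 keep state
```

Even with 1:1 NAT the pass rules still decide which ports are reachable; binat translates all ports but opens none by itself.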



  • Thanks for the reply.

    I won't have the need to use all the 65k ports but want to give my users all the options as I assign them public IP addresses. However, yes there will be multiple HTTP servers which will have conflicting ports.

    I never explored 1:1 NAT. Would that disable my AON, which actually makes my OpenVPN run properly? Is NAT 1:1 for inbound only, or does it also affect outbound? Some general details about it would be a great asset.

    Thanks

