All ports forwarded to multiple LAN addresses simultaneously w/o using VIP?

  • Hello Everyone,

    I have a block of public IPs routed to our main IP. This is in a data-center. Our main public IP is on a different subnet and range from the block of public IPs that is routed to it.

    I need to use all 65k+ ports for each IP. I want to avoid using Virtual IPs as it seems it gets complicated and I haven't done any virtual IP configurations yet (so best avoid it if possible).

    So, if I do NAT port forward port 80 to let's say, can I also port forward port 80 to at the same time? And then I will open those ports to those LAN IPs in the firewall and specify a source IP address of my routed IP.

    So, I guess my question is if my Routed Public IPs are considered as Source IP in my firewall source IP address field. Or is the outside IP address the source IP?


  • Rebel Alliance Developer Netgate

    In order to do that you must use Virtual IPs.

    You can only forward a specific port once for each available public IP.

    You can add the whole block as "other" type VIPs and then use them in port forwards, or in your case, 1:1 NAT may be better suited if you want to forward "all 65k" ports to specific internal IPs.
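As an added illustration of the two options described in the reply above (not a configuration from the original thread or from Netgate), here is what pfSense ends up loading into the underlying pf packet filter for each approach, written as a plain pf.conf fragment. The interface name, the routed block 203.0.113.0/29 (RFC 5737 documentation range) and the LAN hosts 10.0.0.11, 10.0.0.12 and 10.0.0.20 are assumed placeholders. Note that the routed public address appears as the destination of the translation rule, not the source, and because the block is routed to the firewall rather than being on the WAN subnet, no interface or ARP binding is needed, which is what the "other" VIP type provides.

```pf
# Assumed: WAN interface, routed /29 and LAN hosts are placeholders for this example
ext_if = "vtnet0"
www1   = "10.0.0.11"
www2   = "10.0.0.12"
app    = "10.0.0.20"

# Port forward (pfSense "NAT: Port Forward" on an "other" type VIP):
# each public address can map port 80 once. Two public addresses can
# therefore both expose port 80, each to a different LAN host. A second
# rdr for port 80 on the SAME public address would never match, since
# the first matching rdr rule wins.
rdr on $ext_if proto tcp from any to 203.0.113.2 port 80 -> $www1 port 80
rdr on $ext_if proto tcp from any to 203.0.113.3 port 80 -> $www2 port 80

# Filter rules are evaluated after translation, so the pass rule names the
# internal host as destination (this is what pfSense's auto-created firewall
# rule for a port forward does). The public IP is never the "source" here;
# the source is whoever on the Internet is connecting.
pass in on $ext_if proto tcp from any to $www1 port 80
pass in on $ext_if proto tcp from any to $www2 port 80

# 1:1 NAT (pfSense "NAT: 1:1"): binat maps a whole public address to one
# internal host, every port, in both directions. Inbound packets to
# 203.0.113.4 are translated to $app, and outbound traffic from $app leaves
# with 203.0.113.4 as its source instead of the main WAN address.
binat on $ext_if from $app to any -> 203.0.113.4

# With binat in place you still need filter rules to admit the inbound
# traffic; 1:1 NAT only translates, it does not open anything by itself.
pass in on $ext_if proto tcp from any to $app port { 80 443 }
```

The practical consequence for the question in this thread: to give several LAN web servers a public port 80 each, every server needs its own public address, either as a VIP with a port forward or as a 1:1 mapping, and the firewall rule you then write selects that server by its internal address as the destination.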

  • Thanks for the reply.

    I won't have the need to use all the 65k ports but want to give my users all the options as I assign them public IP addresses. However, yes there will be multiple HTTP servers which will have conflicting ports.

    I never explored 1:1 NAT. Would that disable my AON, which actually makes my OpenVPN run properly? Is 1:1 NAT for inbound only, or does it also affect outbound? Some general details about it would be a great asset.

