Netgate Discussion Forum

    All ports forwarded to multiple LAN addresses simultaneously w/o using VIP?

    General pfSense Questions
      torontob

      Hello Everyone,

      I have a block of public IPs routed to our main IP. This is in a data-center. Our main public IP is on a different subnet and range from the block of public IPs that is routed to it.

      I need to use all 65k+ ports for each IP. I want to avoid using Virtual IPs as it seems it gets complicated and I haven't done any virtual IP configurations yet (so best avoid it if possible).

      So, if I do NAT port forward port 80 to let's say 192.168.0.5, can I also port forward port 80 to 192.168.0.9 at the same time? And then I will open those ports to those LAN IPs in the firewall and specify a source IP address of my routed IP.

      So, I guess my question is if my Routed Public IPs are considered as Source IP in my firewall source IP address field. Or is the outside IP address the source IP?

      Thanks,

        jimp Rebel Alliance Developer Netgate

        In order to do that you must use Virtual IPs.

        You can only forward a specific port once for each available public IP.

        You can add the whole block as "other" type VIPs and then use them in port forwards, or in your case, 1:1 NAT may be better suited if you want to forward "all 65k" ports to specific internal IPs.

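The constraint in the reply above (one forward per port per public IP), as an added example that is not part of the original thread and is not pfSense code. It flags forwards that claim the same public IP, protocol and port for different LAN hosts, then shows the same services mapped one public IP per host; the function names and all addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def find_forward_conflicts(forwards):
    """Map each (public IP, proto, port) claimed by more than one target to those targets."""
    claimed = defaultdict(set)
    for ext_ip, proto, port, target in forwards:
        key = (str(ipaddress.ip_address(ext_ip)), proto.lower(), int(port))
        claimed[key].add(str(ipaddress.ip_address(target)))
    return {k: sorted(v) for k, v in claimed.items() if len(v) > 1}

def plan_one_to_one(public_ips, internal_hosts):
    """Pair each internal host with its own public IP, as a 1:1 NAT table would."""
    pub = [ipaddress.ip_address(p) for p in public_ips]
    lan = [ipaddress.ip_address(h) for h in internal_hosts]
    if len(set(pub)) != len(pub) or len(set(lan)) != len(lan):
        raise ValueError("duplicate address in plan")
    if len(lan) > len(pub):
        raise ValueError("more internal hosts than public IPs")
    return {str(p): str(h) for p, h in zip(pub, lan)}

# Constructed sample data (documentation-range public addresses).
WAN_IP = "198.51.100.10"
SINGLE_IP_FORWARDS = [
    (WAN_IP, "tcp", 80, "192.168.0.5"),
    (WAN_IP, "tcp", 80, "192.168.0.9"),  # same public IP and port: conflict
]
ROUTED_IPS = ["203.0.113.1", "203.0.113.2"]  # stand-ins for the routed block
PLAN = plan_one_to_one(ROUTED_IPS, ["192.168.0.5", "192.168.0.9"])
PER_IP_FORWARDS = [(pub, "tcp", 80, lan) for pub, lan in PLAN.items()]

if __name__ == "__main__":
    print("single WAN IP:", find_forward_conflicts(SINGLE_IP_FORWARDS))
    print("one public IP per host:", find_forward_conflicts(PER_IP_FORWARDS))
```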
          torontob

          Thanks for the reply.

          I won't have the need to use all the 65k ports but want to give my users all the options as I assign them public IP addresses. However, yes, there will be multiple HTTP servers which will have conflicting ports.

          I never explored 1:1 NAT. Would that disable my AON, which actually makes my OpenVPN run properly? Is NAT 1:1 for inbound only, or does it also affect outbound? Some general details about it would be a great asset.

          Thanks

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.