Can I delete Firewall:NAT:Port Forward rules when I use Aliases instead?
-
I'm reading this article:
http://doc.pfsense.org/index.php/AliasesI have multiple physical webservers behind my pfSense box, all are needed to be accessed through the internet.
Currently, I'm using standard port forwarding using this article:
http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3FMy question is, if I'm going to use Aliases (which seems to be more proper for multiple web servers), should I delete the Firewall:NAT:Port Forward rules and just manually add some rules per WAN interface in Firewall:Rules using the Aliases I created?
-
If your servers are on private IPs behind the firewall you need port forwards and firewall rules in order for it to work.
-
If your servers are on private IPs behind the firewall you need port forwards and firewall rules in order for it to work.
So what I should do is:
1. Go to Firewall: NAT: Port Forward
2. Create a Port Forward that looks like this:If: WAN
Proto: TCP
Src. Addr: *
Src. Port: *
Dest Addr: WAN Address
Dest Port: MyWebServerPorts
NAT IP: MyWebServersAlias
Filter Rule Association: Create new associated filter rule3. The above should automatically create a firewall rule in Firewall:Rules
4. Do the steps again for other WAN connections (i.e. OPT1)
Are these steps correct?
-
Should being operative keyword there, but yes. I don't recall how well the automatic rule works with aliases (if it does) or if you'd have problems with using port aliases on NAT rules in 1.2.x.
It may be that it worked fine on its own but broke with NAT reflection, I don't recall exactly.
