Can I delete Firewall:NAT:Port Forward rules when I use Aliases instead?



  • I'm reading this article:
    http://doc.pfsense.org/index.php/Aliases

    I have multiple physical webservers behind my pfSense box, all of which need to be accessible from the internet.

    Currently, I'm using standard port forwarding using this article:
    http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F

    My question is, if I'm going to use Aliases (which seems to be more proper for multiple web servers), should I delete the Firewall:NAT:Port Forward rules and just manually add some rules per WAN interface in Firewall:Rules using the Aliases I created?


  • Rebel Alliance Developer Netgate

    If your servers are on private IPs behind the firewall you need port forwards and firewall rules in order for it to work.



  • @jimp:

    If your servers are on private IPs behind the firewall you need port forwards and firewall rules in order for it to work.

    So what I should do is:

    1. Go to Firewall: NAT: Port Forward
    2. Create a Port Forward that looks like this:

    If: WAN
    Proto: TCP
    Src. Addr: *
    Src. Port: *
    Dest Addr: WAN Address
    Dest Port: MyWebServerPorts
    NAT IP: MyWebServersAlias
    Filter Rule Association: Create new associated filter rule

    3. The above should automatically create a firewall rule in Firewall:Rules

    4. Do the steps again for other WAN connections (i.e. OPT1)

    Are these steps correct?


  • Rebel Alliance Developer Netgate

    "Should" being the operative keyword there, but yes. I don't recall how well the automatic rule works with aliases (if it does) or if you'd have problems with using port aliases on NAT rules in 1.2.x.

    It may be that it worked fine on its own but broke with NAT reflection, I don't recall exactly.

