Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can I delete Firewall:NAT:Port Forward rules when I use Aliases instead?

    Scheduled Pinned Locked Moved NAT
    4 Posts 2 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stramato
      last edited by

      I'm reading this article:
      http://doc.pfsense.org/index.php/Aliases

      I have multiple physical webservers behind my pfSense box, all are needed to be accessed through the internet.

      Currently, I'm using standard port forwarding using this article:
      http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F

      My question is, if I'm going to use Aliases (which seems to be more proper for multiple web servers), should I delete the Firewall:NAT:Port Forward rules and just manually add some rules per WAN interface in Firewall:Rules using the Aliases I created?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        If your servers are on private IPs behind the firewall you need port forwards and firewall rules in order for it to work.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          stramato
          last edited by

          @jimp:

          If your servers are on private IPs behind the firewall you need port forwards and firewall rules in order for it to work.

          So what I should do is:

          1. Go to Firewall: NAT: Port Forward
          2. Create a Port Forward that looks like this:

          If: WAN
          Proto: TCP
          Src. Addr: *
          Src. Port: *
          Dest Addr: WAN Address
          Dest Port: MyWebServerPorts
          NAT IP: MyWebServersAlias
          Filter Rule Association: Create new associated filter rule

          3. The above should automatically create a firewall rule in Firewall:Rules

          4. Do the steps again for other WAN connections (i.e. OPT1)

          Are these steps correct?

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Should being operative keyword there, but yes. I don't recall how well the automatic rule works with aliases (if it does) or if you'd have problems with using port aliases on NAT rules in 1.2.x.

            It may be that it worked fine on its own but broke with NAT reflection, I don't recall exactly.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.