General Question about 1:1 and PORT FORWARDS



  • We have a site that we are getting ready to switch over to pfSense from monowall. However, the NAT setup in pfSense is a little different from monowall. We have several public IPs, one of them of course being the main IP for the public side of the pfSense box. One of the main differences I noticed was the fact that SERVER NAT is not an option in pfSense. So, I assumed that setting up virtual IPs for each of the public IPs besides the main public IP assigned to the WAN address is the same as setting up SERVER NAT in monowall. I also have the need for 1:1 NAT to map certain public IPs to a specific LAN IP. So here's my question. When I go into NAT PORT FORWARD in pfSense, I can set up forwards either using pfSense's interface address or any of the virtual IPs I set up beforehand. I'm assuming that takes care of the incoming traffic on that IP address being forwarded to the internal IP I've mapped, but any outgoing traffic from that same internal IP will still go out of the router's main interface address. So, if I wanted the internal IP's outgoing traffic to go out of a specific PUBLIC IP, I need to create a 1:1 NAT, correct? So, if I set up a 1:1 NAT, there is no need to additionally set up a port forward? Just simply create a rule for that 1:1 NAT?

    I hope I'm making sense. Thanks in advance.



  • Yes.
    You don't have to use the virtual IPs with 1:1 NAT.
    They can also be used in normal port forwards.
    (But you cannot mix 1:1 and normal on a single IP).

    If you already have a working monowall setup:
    You can export the monowall config and simply import it on pfSense.
    -> pfSense can work with a monowall config.



  • Actually, you can mix 1:1 and port forwards on the same IP. The port forwards can be used when you want to override specific ports.

    Edit:

    Not sure if that's specific to 2.0 or if earlier versions did that as well.

