Netgate Discussion Forum

    General Question about 1:1 and PORT FORWARDS

      deeztek

      We have a site that we are getting ready to switch over to pfsense from monowall. However, the NAT setup in pfsense is a little different from monowall. We have several public IPs, one of them of course being the main IP for the public side of the pfsense box. One of the main differences I noticed was the fact that SERVER NAT is not an option in pfsense. So, I assumed that setting up virtual IPs for each of the public IPs besides the main public IP assigned to the WAN address is the same as setting up SERVER NAT in monowall. I also have the need for 1:1 NAT to map certain public IPs to a specific LAN IP. So here's my question. When I go into NAT PORT FORWARD in pfsense, I can set up forwards either using the pfsense's interface address or any of the virtual IPs I set up beforehand. I'm assuming that takes care of the incoming traffic on that IP address being forwarded to the internal IP I've mapped, but any outgoing traffic from that same internal IP will still go out of the router's main interface address. So, if I wanted the internal IP's outgoing traffic to go out of a specific PUBLIC IP, I need to create a 1:1 NAT, correct? So, if I set up a 1:1 NAT, there is no need to additionally set up a port forward? Just simply create a rule for that 1:1 NAT?

      I hope I'm making sense. Thanks in advance.

        GruensFroeschli

        Yes.
        You don't have to use the virtual IPs with 1:1 NAT.
        They can also be used in normal port forwards.
        (But you cannot mix 1:1 and normal on a single IP).

        If you already have a working monowall setup:
        You can export the monowall config and simply import it on pfSense.
        -> pfSense can work with a monowall config.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          Efonnes

          Actually, you can mix 1:1 and port forwards on the same IP.  The port forwards can be used when you want to override specific ports.

          Edit:

          Not sure if that's specific to 2.0 or if earlier versions did that as well.
