NAT 1:1 Question about 2.0



  • Hi, I'm seeking a little clarification about 1:1 in pfSense. I managed to get my 1:1 NAT working without too much problem, which involves a cable modem in bridged mode sending me a routed public subnet.

    However, I'm a little confused about terminology and the setup.

    Confusing me further is that the Firewall->NAT->1:1 page layout on my installation is different than the example in pfSense 2 Cookbook by Matt Williamson (page 105).

    Right now, I'm just doing one address: On my NAT 1:1 configuration page, there is:

    External subnet IP: (My public IP, a pfSense "virtual IP")
    Internal IP: (my mail server)
    Destination: ???

    What is "Destination"? I've left this "ANY", but I don't understand why it should be ANY, or what its purpose is.

    In the Cookbook example, there is no "Internal IP", but rather the Destination appears to be the same as "Internal IP" in my 2.0-RC3. This actually makes more sense to me.

    Any clarification is greatly appreciated. Thanks!



  • First of all, the cookbook isn't the most reliable source, because it's not done by developers and 2.0 is still in RC. It can change a lot.

    I haven't used a 1:1 but it seems to be from inside to outside.
    So you can decide where outside of your network it uses that outside IP address. As the hint says, "usually any".



  • First of all, the cookbook isn't the most reliable source, because it's not done by developers and 2.0 is still in RC.

    Fair enough. I have no idea who Matt Williamson is…

    I haven't used a 1:1 but it seems to be from inside to outside.

    Thanks for the reply, I think I follow. So from the perspective of being "inside" the firewall, this mapping is used if and only if "Destination" is the destination of the connection OR "Destination" is the source of the connection. "Any" means, for all cases, this rule will be in force for every connection.

    Let me know if I'm wrong. I guess I'm just so used to iptables.



  • As I stated before, I haven't used 1:1, so I can't give you an exact answer.

