1. Home
  2. pfSense® Software
  3. Firewalling
  4. Firewall rules and NAT - Public vs Private IP used in ACL on WAN interface

Firewall rules and NAT - Public vs Private IP used in ACL on WAN interface

  • M

    I come from a background of Cisco, and I've always specified my rules using the address for the interface where the rule is. For a public ACL, I'm used to using the public address.

    I tried this with pfsense and it didn't work, I had to use the private address.

    This confuses me, but I suppose this is by design. Sorry if it is newbie question. I'm just curious why?

    Or is there an option I'm missing?

    0
  • marcelloc

    As a statefull firewall, all rules are set where the connection begins, if is a rule To allow access from clientes, it will be in lan. If is internet going To your web server, it will be at wan.

    When using nat the rule is applied after translation, so wan rule will give access to internal web server ip, no To wans public ip.

    Except for nat, all rules are set by source or destination ip/port.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy