Netgate Discussion Forum

    Firewall rules and NAT - Public vs Private IP used in ACL on WAN interface

      mrjoltcola

      I come from a background of Cisco, and I've always specified my rules using the address for the interface where the rule is. For a public ACL, I'm used to using the public address.

      I tried this with pfSense and it didn't work; I had to use the private address.

      This confuses me, but I suppose this is by design. Sorry if it is a newbie question. I'm just curious why?

      Or is there an option I'm missing?

        marcelloc

        As a stateful firewall, all rules are set where the connection begins. If it is a rule to allow access from clients, it will be on LAN. If it is Internet traffic going to your web server, it will be on WAN.

        When using NAT, the rule is applied after translation, so the WAN rule will give access to the internal web server IP, not to the WAN's public IP.

        Except for NAT, all rules are set by source or destination IP/port.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D
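
The ordering described in the reply above, as an added example that is not part of the original thread: a toy Python model (not pfSense code) of an inbound WAN packet, where the port forward rewrites the destination before the pass rules are checked. The addresses, class names and the `translate_first` switch are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address

# Constructed sample addresses (documentation ranges), not taken from the thread.
WAN_IP = ip_address("203.0.113.10")      # firewall's public WAN address
WEB_SERVER = ip_address("192.168.1.20")  # internal web server
CLIENT = ip_address("198.51.100.7")      # Internet client

@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    dport: int

@dataclass(frozen=True)
class PortForward:
    """Destination NAT on WAN: (match_dst, match_port) -> (target, target_port)."""
    match_dst: IPv4Address
    match_port: int
    target: IPv4Address
    target_port: int

    def apply(self, pkt: Packet) -> Packet:
        if (pkt.dst, pkt.dport) == (self.match_dst, self.match_port):
            return Packet(pkt.src, self.target, self.target_port)
        return pkt  # not a forwarded port: destination is left untouched

@dataclass(frozen=True)
class PassRule:
    dst: IPv4Address
    dport: int

    def matches(self, pkt: Packet) -> bool:
        return (pkt.dst, pkt.dport) == (self.dst, self.dport)

def wan_inbound(pkt, forward, rules, translate_first=True):
    """Return (allowed, destination address the filter rules were checked against)."""
    if translate_first:  # the behaviour the reply describes for pfSense
        pkt = forward.apply(pkt)
    allowed = any(rule.matches(pkt) for rule in rules)  # no match = default deny
    return allowed, pkt.dst

FORWARD = PortForward(WAN_IP, 80, WEB_SERVER, 80)
REQUEST = Packet(CLIENT, WAN_IP, 80)    # what actually arrives on WAN
RULE_PUBLIC = PassRule(WAN_IP, 80)      # rule written against the public address
RULE_PRIVATE = PassRule(WEB_SERVER, 80) # rule written against the internal address

if __name__ == "__main__":
    for name, rule in (("public", RULE_PUBLIC), ("private", RULE_PRIVATE)):
        print(name, wan_inbound(REQUEST, FORWARD, [rule]))
```

With `translate_first=False` the model evaluates the rules against the untranslated packet, which is the ordering the first post expected, and the two rules swap outcomes.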

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.