Multi-wan nat rules



Hi,

I am running a network with two ISPs. I am transitioning to a multi-WAN setup, one step at a time. The firewall uses NAT because the LAN is an RFC 1918 address range. I am also running pfSense 2.0 on an ALIX 2D3 system.

I really like the floating rules, because they allow one rule to control incoming traffic from both ISPs. However, I noticed that NAT rules must still be specified for each interface. Are floating NAT rules a future feature of pfSense? I hope so, because I really like how much cleaner the rulesets will become.

When I ran a test of my DNS server I went through the following steps:

1. Disabled the original rule on the WAN port allowing WAN port access for DNS queries.
2. Added a similar floating rule for DNS queries, but set it for the WAN port and the OPT-WAN port.
3. Added an additional NAT rule port-forwarding incoming queries on OPT-WAN to my internal DNS server. This rule is identical to the NAT rule port-forwarding queries on my WAN port.

The rules worked, and I could get traffic in and out of my DNS server via the appropriate ports. I noticed something, though: on the NAT list a new "linked rule" symbol appeared next to the new OPT-WAN rule, though not next to the WAN rule. Other than being a visual aid, what purpose does it serve to have a NAT rule flagged as linked? And how do I get the other rule to be similarly flagged?

Thanks for your time.
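The three steps above, written out as hand-written pf rules so the per-interface NAT entries and the single shared filter rule can be seen side by side. This is an added illustration, not the ruleset pfSense generates; the interface names (vr0, vr1) and the DNS server address are assumptions.

```pf
# Constructed example: two WAN uplinks, one internal DNS server.
# Interface names and addresses are assumed, not taken from the post.
wan     = "vr0"
opt_wan = "vr1"
dns_srv = "192.168.1.53"

# Port-forward (rdr) rules are per interface: one entry per ISP uplink,
# each translating traffic aimed at that uplink's own address.
rdr on $wan     proto { tcp udp } from any to ($wan)     port 53 -> $dns_srv port 53
rdr on $opt_wan proto { tcp udp } from any to ($opt_wan) port 53 -> $dns_srv port 53

# One filter rule covers both interfaces (the "floating" rule in the post).
# It matches the post-translation destination, so it admits only port 53
# traffic to the DNS server and nothing else arriving on either uplink.
pass in quick on { $wan $opt_wan } proto { tcp udp } from any to $dns_srv port 53 keep state
```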

