Multi-wan nat rules
jason0 last edited by
I am running a network with two ISPs. I am transitioning to a multi-WAN setup, one step at a time. The firewall uses NAT because the LAN is an RFC 1918 address range. I also am running pfSense 2.0 on an ALIX 2d3 system.
I really like the floating rules, because they allow one rule to control incoming traffic from both ISPs. However, I noticed that NAT rules must still be specified for each interface. Are floating NAT rules a future feature of pfSense? I hope so, because I really like how much cleaner the rulesets will become.
When I ran a test of my DNS server I went through the following steps:
- Disabled the original rule on the WAN port allowing WAN port access for DNS queries.
- Added a similar floating rule for DNS queries but set it for the WAN port and OPT-WAN port.
- Added an additional NAT rule port-forwarding incoming queries to OPT-WAN to my internal DNS server. This rule is identical to the NAT rule port-forwarding queries to my WAN port.
The rules worked, and I could get traffic in and out of my DNS server via the appropriate ports. I noticed something though: on the NAT list a new "linked rule" symbol appeared next to the new OPT-WAN rule, though it did not appear next to the WAN rule. Other than just being a visual aid, what purpose does it serve to have a NAT rule flagged as linked? And how do I get the other rule to be similarly flagged?
Thanks for your time.