Netgate Discussion Forum

    Port Forwarding (NAT/PAT) with Multi WAN = Multiple NAT rules?

    Routing and Multi WAN
    • CDuv

      Hello,

      I'm still in the process of installing a pfSense router for:

      • One local network (192.168.1.0/24)

      • Three different Internet connections (say: WAN_InternetA, WAN_InternetB, WAN_InternetC)

      I'm now testing NAT port forwarding (PAT, that is) and I was wondering if it was possible to create one NAT rule for multiple interfaces?
      Example:
      Say I have one web server on 192.168.1.105 that I want to be accessed from the outside (whatever WAN interface it is coming in on) on port, say, 1086. It seems that I have to create 3 rules: one for each WAN interface (…/firewall_nat.php).

      | If | Proto | Src. addr | Src. ports | Dest. addr | Dest. ports | NAT IP | NAT Ports | Description |
      |---|---|---|---|---|---|---|---|---|
      | WAN_InternetA | TCP/UDP | * | * | * | 1086 | 192.168.1.105 | 80 (HTTP) | Awesome webserver |
      | WAN_InternetB | TCP/UDP | * | * | * | 1086 | 192.168.1.105 | 80 (HTTP) | Awesome webserver |
      | WAN_InternetC | TCP/UDP | * | * | * | 1086 | 192.168.1.105 | 80 (HTTP) | Awesome webserver |

      I thought I could circumvent this by creating Interface Groups (…/interfaces_groups.php) but they don't populate the "Interface" drop-down field when creating a new NAT rule (…/firewall_nat_edit.php).
      Is there any solution to avoid creating multiple rules?
      Thanks

      • marcelloc

        I think on your port forwarding setup you should change Dest. addr from * to wan_internetx.

        Today I set up NAT on each interface, but the pfSense core team always has some tweaks/new features available.

        So, my answer is: Until now I only know this way  :)

        Elite training: http://sys-squad.com

        Help a community developer! ;D

        • cmb

          Port forwards are specific to one particular WAN, because you need to specify the destination external IP and that's specific to each WAN. You should not have "any" there; though that's mostly functionally equivalent if you only have one IP, it has the possibility of forwarding traffic you do not want forwarded.

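The point above about "any" as the destination, as an added example that is not part of the thread and not pfSense's own code: a small Python audit that lists the port forwards in a configuration backup whose destination is "any". The element names (`nat/rule`, `destination`, `any`, `network`, `target`, `local-port`), the `opt1ip` value and the sample data are assumptions about the config.xml layout, constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for pfSense's config.xml
# (<nat><rule> with <interface>, <destination>, <target>, <local-port>).
SAMPLE_CONFIG = """\
<pfsense>
  <nat>
    <rule>
      <interface>wan</interface>
      <destination><any/><port>1086</port></destination>
      <target>192.168.1.105</target>
      <local-port>80</local-port>
      <descr>Awesome webserver</descr>
    </rule>
    <rule>
      <interface>opt1</interface>
      <destination><network>opt1ip</network><port>1086</port></destination>
      <target>192.168.1.105</target>
      <local-port>80</local-port>
      <descr>Awesome webserver</descr>
    </rule>
  </nat>
</pfsense>
"""


def audit_port_forwards(config_xml):
    """Return one finding per port forward whose destination is 'any'."""
    findings = []
    root = ET.fromstring(config_xml)
    for rule in root.findall("./nat/rule"):
        dest = rule.find("destination")
        # A missing <destination> is treated like "any": nothing pins the
        # rule to the WAN's own external address.
        if dest is None or dest.find("any") is not None:
            findings.append({
                "interface": rule.findtext("interface", default="?"),
                "dest_port": dest.findtext("port", default="*") if dest is not None else "*",
                "target": rule.findtext("target", default="?"),
                "local_port": rule.findtext("local-port", default="?"),
                "descr": rule.findtext("descr", default=""),
            })
    return findings


if __name__ == "__main__":
    for f in audit_port_forwards(SAMPLE_CONFIG):
        print("{interface}: port {dest_port} -> {target}:{local_port} "
              "has destination 'any' ({descr})".format(**f))
```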
          • CDuv

            I get the idea.
            It's always a choice between fine-tuning precision (providing some security) and ease of administration ;)
            I'll stick with security then.
