Nat (port forward) on network address - cisco can do it
I have a question. I am about to replacing a cisco device with pfSense firewall.
I faced into that problem that cisco does port forward (static nat) on a /30 network's network address.
(let's say i have a 10.3.3.4/30 then cisco can do nat/port forward on 10.3.3.4)
Once I tried the same config with pfSense but that config did not succeed.
I did not have the time to test it and I got an approve to use a different ip address not that network address that time.
But this time this ip is hardcoded too many application so cannot be changed. Can pfSense solve this problem?
If yes, how?
It depends on how you're trying to use those IPs.
If that /30 is routed to an IP on the pfSense box, you can add all four of the IPs as "other" type VIPs and do NAT on them all.
What wouldn't work is trying to use them in an assigned fashion (IP alias, CARP, interface IP) and using anything but the two "inside" the network.
Thanks for the answer.
Yes the /30 is routed to the pfSense box WAN address. I will give a try this weekend.
(if I remember well I tried this solution what you mentioned but did not work that time.)
we will se now.
thanks for the info. I just want to confirm that nat to network address on pfsense works.
It did the last time I tried it. I won't have time for a few days to setup a test to try it again if you need more confirmation than that.
cmb last edited by
If it's a routed subnet, then there is no concept of a network or broadcast address, you can use all the IPs with NAT. There are a number of boxes out there running exactly that way that I've setup.