    Multiple external IP addresses

      draccusfly last edited by

      Hi,

      I am in the process of setting up a new pfSense box via VMware and need some clarification on how to configure multiple external IPs correctly.
      We have 10 IP addresses pointing to the internet so I have configured my gateway and external IP address accordingly but I need to allow several IP addresses to hit the box and then be routed through to various different systems.  So I have configured virtual IPs for my entire range and need to make sure they are routed through properly.  After googling around I found a tutorial on setting up 1:1 NAT, however a few of the IP addresses go to multiple systems on different ports (fairly normal setup I guess).
      Just for reference here's an example:
      1.1.1.2 -> 192.168.1.1:80, 192.168.1.2:443 and 192.168.100.3:1234>3389 (NAT'd port 1234 to 3389 to mask RDP port)
      1.1.1.3 -> 192.168.1.254, 192.168.100.6

      So if I use 1:1 NAT with firewall rules to port forward, which will be read first: the 1:1 NAT rules or the firewall rule?  If it's the 1:1 NAT rule, then will the system get confused as to where the packets need to go, or will it then check the firewall rule and route traffic according to the rule?  If that's the case, do I actually need the 1:1 NAT mappings, or can I just use firewall rules to route the traffic?

      Some clarification would be a great help.

      Best regards
      Drac

        pinoyboy last edited by

        Step 1:  VIP

        Step 2:  NAT

        Step 3:  Firewall rules to open per Host

        That is it!

          draccusfly last edited by

          Thanks for the reply.  I had set my Virtual IP addresses as IP Alias rather than CARP (not 100% sure what the difference is).
          I noticed from your post that your external virtual IPs are each pointing to a different internal machine, whereas in my scenario I had set one virtual IP to NAT to 4 different internal IPs with some on different subnets.  In the end I disabled the NAT 1:1 mappings and just used NAT port forwards and this seems to be working fine now.

          Regards
          Drac

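A consistency check for the kind of inbound NAT plan discussed in this thread, added here as an example and not posted by any participant or taken from pfSense: it flags an external IP that carries both a 1:1 mapping and port forwards, a 1:1 entry aimed at more than one internal host, and a forwarded RDP port. The data layout, function names and finding labels are assumptions; the addresses are the placeholders from the first post, and the 1:1 entries are constructed.

```python
from collections import defaultdict

# Constructed sample data modelled on the first post's placeholder addresses.
# Port forward: (external IP, proto, external port, internal IP, internal port)
FORWARDS = [
    ("1.1.1.2", "tcp", 80, "192.168.1.1", 80),
    ("1.1.1.2", "tcp", 443, "192.168.1.2", 443),
    ("1.1.1.2", "tcp", 1234, "192.168.100.3", 3389),
]
# Constructed 1:1 NAT entries: (external IP, internal IP)
ONE_TO_ONE = [
    ("1.1.1.2", "192.168.1.1"),
    ("1.1.1.3", "192.168.1.254"),
    ("1.1.1.3", "192.168.100.6"),
]

def audit(forwards, one_to_one):
    """Return sorted (kind, external IP) findings for an inbound NAT plan."""
    findings = set()
    targets = defaultdict(set)   # (ext IP, proto, ext port) -> internal targets
    for ext, proto, eport, host, iport in forwards:
        targets[(ext, proto, eport)].add((host, iport))
        if iport == 3389:
            # A remapped external port does not restrict who can connect;
            # the matching firewall rule still needs a source restriction.
            findings.add(("rdp-forwarded", ext))
    for (ext, _, _), hosts in targets.items():
        if len(hosts) > 1:
            findings.add(("duplicate-forward", ext))
    mapped = defaultdict(set)    # ext IP -> internal hosts claimed by 1:1 NAT
    for ext, host in one_to_one:
        mapped[ext].add(host)
    forwarded_ips = {key[0] for key in targets}
    for ext, hosts in mapped.items():
        if len(hosts) > 1:
            findings.add(("one-to-one-multiple-hosts", ext))
        if ext in forwarded_ips:
            findings.add(("one-to-one-overlaps-forward", ext))
    return sorted(findings)

def resolve(forwards, ext, proto, port):
    """Internal (host, port) a packet reaches when only port forwards exist."""
    for f_ext, f_proto, f_port, host, iport in forwards:
        if (f_ext, f_proto, f_port) == (ext, proto, port):
            return host, iport
    return None                  # no matching forward: nothing is translated

if __name__ == "__main__":
    for finding in audit(FORWARDS, ONE_TO_ONE):
        print(finding)
    print(resolve(FORWARDS, "1.1.1.2", "tcp", 1234))
```

With the 1:1 list emptied, which matches the port-forward-only setup the thread ends on, only the forwarded RDP port is still reported.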