Multiple public ip mapping to internal servers, but not pingable

  • Hi All,

    I've use pfSense for one of my client's branch office and i'd say it's a fantastic firewall, thanks to
    pfSense's developers!!

    I've got an issue here - i've registered a range of public ip addresses for my client, they want to use
    1:1 mapping of those public ip to some internal servers.

    When we tested normal NATting, it works flawlessly, but when we tried 1:1 mapping (where shall i put
    those ports that i need to do port-forwarding? under Firewall -> Rules?) it does not work. E.g port
    forward 22 from public ip to internal ip using NATting, works, but changed to 1:1, no one can ssh in.

    Another case, say i have 20 public ip address, all use for different servers internally in our LAN
    environment, only the ip set for pfSense firewall can set on allowing/disallow ping, but the rest of the
    public ip are totally not responding to ping!? Where did i do wrong??


  • With 1:1, once you setup the proxy ARP and 1:1 mapping, you just need to add firewall rules on your WAN to permit the desired traffic. You need to use the private IP as the destination, NAT applies before firewall rules are evaluated.

    Then test from outside your network and it should work.

  • Hi there,

    I also in need of help to setup all the static IPs provided by my ISP with pfSense. What I have in mind is to use a different IPs to be assign to respective servers.

    ie WAN (static IP) –> LAN (
    or like for WEB SERVER -  WAN IP:80 --> LAN IP:80
    or like for FTP SERVER - WAN IP:21 --> LAN IP:21

    Kindly provide us a HowTo on how to set this up correctly.

    Thank you so much in advance.

Log in to reply