Port Forwarding & 1:1 NAT



  • I am fairly new to pfSense and have a question regarding port forwarding & 1:1 NAT.
    We currently have a /28 subnet for our WAN connection but are getting short on public IP addresses. In our current setup we are just using 1:1 NAT and no port forwarding. I am looking at possibly using port forwarding to take better advantage of our subnet.

    Question:

    I would like to be able to combine two of our external addresses that don't see a lot of use and combine them to free up a public IP.
    Currently we have a 1:1 NAT for our video conferencing system and one for FTP. Neither sees a lot of usage. Would I be able to set these up using port forwarding instead of 1:1 NAT? How would it work for the video conferencing system that uses multiple ports?

    Thanks,



  • It is possible so long as FTP and video conferencing don't have any port overlap. You should have rules in place now to allow traffic to these services. You would only need to mimic them in port forwards.
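
The overlap condition from the reply above can be checked before any 1:1 NAT entry is removed. The following is an added example, not part of the thread: it compares the planned forwards of the two services per protocol and reports any external ports both would claim. The port numbers in `PLAN` are constructed for illustration; the real ones come from the existing firewall rules and the vendor's port list.

```python
from itertools import combinations

# Constructed port-forward plan for one shared public IP. The port numbers are
# illustrative assumptions, not values from the thread; take the real ones from
# the firewall rules that currently accompany each 1:1 NAT entry.
PLAN = [
    # (service, protocol, first external port, last external port)
    ("ftp", "tcp", 21, 21),            # FTP control channel
    ("ftp", "tcp", 50000, 50100),      # passive data range set on the FTP server
    ("video", "tcp", 1720, 1720),      # H.323 call signalling
    ("video", "tcp", 49900, 50010),    # constructed media/control range
    ("video", "udp", 50000, 50100),    # constructed RTP range
]


def validate(plan):
    """Reject malformed entries before comparing them."""
    for svc, proto, lo, hi in plan:
        if proto not in ("tcp", "udp"):
            raise ValueError(f"{svc}: unknown protocol {proto!r}")
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"{svc}: bad port range {lo}-{hi}")


def find_overlaps(plan):
    """Return (svc_a, svc_b, proto, lo, hi) for every pair of forwards from
    different services that share a protocol and at least one external port."""
    conflicts = []
    for a, b in combinations(plan, 2):
        (svc_a, proto_a, lo_a, hi_a), (svc_b, proto_b, lo_b, hi_b) = a, b
        if svc_a == svc_b or proto_a != proto_b:
            continue  # TCP and UDP port spaces are independent
        lo, hi = max(lo_a, lo_b), min(hi_a, hi_b)
        if lo <= hi:
            conflicts.append((svc_a, svc_b, proto_a, lo, hi))
    return conflicts


if __name__ == "__main__":
    validate(PLAN)
    for svc_a, svc_b, proto, lo, hi in find_overlaps(PLAN):
        print(f"conflict: {svc_a} and {svc_b} both want {proto}/{lo}-{hi}")
```

With the constructed plan, the FTP passive range and the video TCP range collide on tcp/50000-50010, so one of the two ranges has to be moved on the server side before both services can share the address.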



  • Great.

    Thanks for the reply.

    I have one more question regarding this. In discussions here at work it was mentioned that they had tried this before I started here and had stopped using it since it was very CPU intensive.

    Is this still true now? It has been at least 5 years since they previously tried it.

    Thanks Gord



  • Unless you are pushing more than 300MB/s I don't see how it would be CPU intensive at the firewall level. I could see how video conferencing could open a lot of states. If you are at a colo or datacenter, you are probably going to have to use a server-class system for high bandwidth and state handling. What did they try it on before? A lot has changed in 5 years.