1:1 NAT or Port Forward with multiple WANs ???

  • Hi to all,

    Here is the config :

    pfSense 2.1 amd 64
    HA (CARP / pfSync)

    IP Pool of 8 IP addresses from ISP : X.Y.57.208 to X.Y.57.215
    ISP Gateway : X.Y.57.214

    pfSense is set up as follows
    WAN : X.Y.57.209/29
    Virtual IPs defined from X.Y.57.210 to X.Y.57.213
    LAN :

    We need to NAT inbound traffic toward several internal servers (HTTP, FTP, etc…).

    Do I absolutely need to use 1:1 NAT, or can we use Port Forward as detailed below in the screenshots?

    I was wondering what the real difference is in such cases. I read the pfSense Definitive Guide, have seen some videos detailing config about 1/1 NAT + virtual IP, etc... : the right way seems to be 1/1 NAT + associated firewall rules.

    I didn't find the right answer myself, so could someone tell me if the setup below is OK or totally stupid ? :-)

    Many thanks for your answers !

    This second screenshot shows a Virtual IP ending in X.Y.57.209, which is the WAN IP => let's say I know that it should be one of the Virtual IPs from X.Y.57.210 to X.Y.57.213 =:-)

  • I think in your first screenshot, the second port forward rule is wrong - the destination address should be "WAN address", not your external IP. Change your highlighted virtual IP.
