Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT Port forward PFsense 1.2 changes in version 2.1.3

    Scheduled Pinned Locked Moved NAT
    4 Posts 2 Posters 970 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jsby2040
      last edited by

      Hello I am new to pfsense we  have a pfesense that is version 1.2 we a replacing it with a 2.1.3 version
      I have backed up and restored the configuration from version 1.2 to version 2.1.3 while doing a comparison I noticed a difference in the NAT
      firewall the way the pfsense  is configured
      The way the pfsense is configured figured for NAT at this location
      there are 3 virtual ips configured on the WAN interface forwarded via NAT to internal lan servers
      Currently those virtual ips are configured as Proxy ARP because IP alias was not in version 1.2

      Nat version 1.2

      IF            PROTO    EXT PORT RANGE            NAT IP                  INT PORT RANGE

      WAN    TCP/UDP              5500                172.16.99.197
                                                                  (ext.: 74.246.129.62)                5500

      Nat version 2.1

      If         Proto Src. addr   Src. ports Dest. addr Dest. ports NAT IP   NAT Ports

      WAN TCP/UDP                   *                             *             172.16.99.197 5500

      I have attached the 1.2 version of rule and the 2.13 version
      How do I get the NAT to work and match what was in version 1.2 I have restored NAT multiple times but there seems to be a configuration change somewhere
      I am new to pfsense please forgive my ignorance what do I need to add of change to get  virtual ips on my WAN to be forwarded
      pfsense2.13.PNG
      pfsense2.13.PNG_thumb
      pfsense1.2.PNG
      pfsense1.2.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • D
        divsys
        last edited by

        From what I can see, all you need to do is add "5500" to the "from:" and "to:" fields in the Destination Port Range section of the 2.1.3 rule.

        That should will forward traffic destined for your WAN address at port 5500 to the internal address 172.16.99.127 at port 5500.

        -jfp

        1 Reply Last reply Reply Quote 0
        • J
          jsby2040
          last edited by

          Thank you I understand changing the destination ports in your reply
          However where do I input my ip alias's(Virtual IP for WAN) do I input them in the DESTINATION section
          or  do I input them in the SOURCE under  any, WAN Address, or WAN net

          again I am new to pfsense please forgive me if I seem a bit slow

          1 Reply Last reply Reply Quote 0
          • D
            divsys
            last edited by

            I haven't personally had to do this but I believe you can accomplish what you want by creating a new Alias:

            Under "Firewall->Aliases" click on the "+" to create a new alias.
            Give it a Name then add the IP addresses in the Host(s) section by clicking the "+" to add new host addresses.
            Click "Save"
            In your NAT rule change the Destination Type to: "Single host or alias" and type the alias Name you created above in address
            Click "Save" and "Apply Changes"

            That should do it, unless I'm totally wrong (which happens often enough  :o ) and some brighter soul than I will save you  ;)

            -jfp

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.