NAT Port forward PFsense 1.2 changes in version 2.1.3
-
Hello I am new to pfsense we have a pfesense that is version 1.2 we a replacing it with a 2.1.3 version
I have backed up and restored the configuration from version 1.2 to version 2.1.3 while doing a comparison I noticed a difference in the NAT
firewall the way the pfsense is configured
The way the pfsense is configured figured for NAT at this location
there are 3 virtual ips configured on the WAN interface forwarded via NAT to internal lan servers
Currently those virtual ips are configured as Proxy ARP because IP alias was not in version 1.2Nat version 1.2
IF PROTO EXT PORT RANGE NAT IP INT PORT RANGE
WAN TCP/UDP 5500 172.16.99.197
(ext.: 74.246.129.62) 5500Nat version 2.1
If Proto Src. addr Src. ports Dest. addr Dest. ports NAT IP NAT Ports
WAN TCP/UDP * * 172.16.99.197 5500
I have attached the 1.2 version of rule and the 2.13 version
How do I get the NAT to work and match what was in version 1.2 I have restored NAT multiple times but there seems to be a configuration change somewhere
I am new to pfsense please forgive my ignorance what do I need to add of change to get virtual ips on my WAN to be forwarded
-
From what I can see, all you need to do is add "5500" to the "from:" and "to:" fields in the Destination Port Range section of the 2.1.3 rule.
That should will forward traffic destined for your WAN address at port 5500 to the internal address 172.16.99.127 at port 5500.
-
Thank you I understand changing the destination ports in your reply
However where do I input my ip alias's(Virtual IP for WAN) do I input them in the DESTINATION section
or do I input them in the SOURCE under any, WAN Address, or WAN netagain I am new to pfsense please forgive me if I seem a bit slow
-
I haven't personally had to do this but I believe you can accomplish what you want by creating a new Alias:
Under "Firewall->Aliases" click on the "+" to create a new alias.
Give it a Name then add the IP addresses in the Host(s) section by clicking the "+" to add new host addresses.
Click "Save"
In your NAT rule change the Destination Type to: "Single host or alias" and type the alias Name you created above in address
Click "Save" and "Apply Changes"That should do it, unless I'm totally wrong (which happens often enough :o ) and some brighter soul than I will save you ;)