NAT Port forward PFsense 1.2 changes in version 2.1.3



  • Hello, I am new to pfsense. We have a pfsense that is version 1.2; we are replacing it with a 2.1.3 version.
    I have backed up and restored the configuration from version 1.2 to version 2.1.3. While doing a comparison I noticed a difference in the NAT
    firewall, in the way the pfsense is configured.
    The way the pfsense is configured for NAT at this location:
    there are 3 virtual IPs configured on the WAN interface, forwarded via NAT to internal LAN servers.
    Currently those virtual IPs are configured as Proxy ARP because IP alias was not in version 1.2.

    Nat version 1.2

    IF     PROTO      EXT PORT RANGE    NAT IP                                 INT PORT RANGE

    WAN    TCP/UDP    5500              172.16.99.197 (ext.: 74.246.129.62)    5500

    Nat version 2.1

    If         Proto Src. addr   Src. ports Dest. addr Dest. ports NAT IP   NAT Ports

    WAN TCP/UDP                   *                             *             172.16.99.197 5500

    I have attached the 1.2 version of the rule and the 2.13 version.
    How do I get the NAT to work and match what was in version 1.2? I have restored NAT multiple times, but there seems to be a configuration change somewhere.
    I am new to pfsense, please forgive my ignorance. What do I need to add or change to get virtual IPs on my WAN to be forwarded?





  • From what I can see, all you need to do is add "5500" to the "from:" and "to:" fields in the Destination Port Range section of the 2.1.3 rule.

    That should forward traffic destined for your WAN address at port 5500 to the internal address 172.16.99.127 at port 5500.



  • Thank you, I understand changing the destination ports in your reply.
    However, where do I input my IP aliases (Virtual IPs for WAN)? Do I input them in the DESTINATION section,
    or do I input them in the SOURCE under any, WAN Address, or WAN net?

    Again, I am new to pfsense; please forgive me if I seem a bit slow.



  • I haven't personally had to do this but I believe you can accomplish what you want by creating a new Alias:

    Under "Firewall->Aliases" click on the "+" to create a new alias.
    Give it a Name then add the IP addresses in the Host(s) section by clicking the "+" to add new host addresses.
    Click "Save"
    In your NAT rule change the Destination Type to: "Single host or alias" and type the alias Name you created above in address
    Click "Save" and "Apply Changes"

    That should do it, unless I'm totally wrong (which happens often enough  :o ) and some brighter soul than I will save you  ;)
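
Added example, not part of any post in this thread: a small Python check that compares a 1.2-style port forward with its restored 2.x counterpart and reports where the destination no longer matches, since a rule left at destination "any" with no port is broader than the original. The XML element names, the sample rules and the alias name are assumptions made for illustration, not an export from the poster's firewall.

```python
import xml.etree.ElementTree as ET

# Constructed sample rules (not exported from the poster's firewall). The
# element names are assumptions about each version's config.xml layout.
OLD_RULE = """<rule><interface>wan</interface><protocol>tcp/udp</protocol>
<external-address>74.246.129.62</external-address>
<external-port>5500</external-port>
<target>172.16.99.197</target><local-port>5500</local-port></rule>"""

NEW_RULE = """<rule><interface>wan</interface><protocol>tcp/udp</protocol>
<source><any/></source><destination><any/></destination>
<target>172.16.99.197</target><local-port>5500</local-port></rule>"""

def old_match(rule):
    """Address and port a 1.2-style rule accepts traffic on."""
    return (rule.findtext("external-address") or "wan address",
            rule.findtext("external-port") or "any")

def new_match(rule):
    """Destination address (or alias name) and port of a 2.x-style rule."""
    dest = rule.find("destination")
    if dest is None:
        return ("any", "any")
    port = dest.findtext("port") or "any"
    if dest.find("any") is not None:
        return ("any", port)
    return (dest.findtext("address") or dest.findtext("network") or "any", port)

def compare(old_xml, new_xml, aliases=None):
    """Return findings where the restored rule matches differently.

    aliases maps an alias name to its host addresses (hypothetical helper
    input), so a destination given as an alias is resolved before comparing.
    """
    aliases = aliases or {}
    o_addr, o_port = old_match(ET.fromstring(old_xml))
    n_addr, n_port = new_match(ET.fromstring(new_xml))
    findings = []
    if n_addr != o_addr and o_addr not in aliases.get(n_addr, []):
        findings.append(f"destination address is '{n_addr}', 1.2 rule used '{o_addr}'")
    if n_port != o_port:
        findings.append(f"destination port is '{n_port}', 1.2 rule used '{o_port}'")
    return findings

if __name__ == "__main__":
    for finding in compare(OLD_RULE, NEW_RULE):
        print(finding)
```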

