Netgate Discussion Forum

    FW rule on external 1:1 NAT

    • mmerlone

      Hi,

      I have set two external IP addresses pointing to the same internal host by 1:1 NAT, like this:

      WAN ->  LAN
      1.1.1.1 -> 192.168.0.1
      1.1.1.2 -> 192.168.0.1

      Connections coming to 1.1.1.1 should be denied from all internet except when coming from some hosts, while 1.1.1.2 should be free to all. Since on the WAN tab of the fw rules I can only set the internal destination address, how can I accomplish this?

      Thanks in advance, best regards.

      –
      Marcio Merlone

      • KOM

        From what I have read, 1:1 NAT is a security risk and should only be used in the rare case that you really need access to the full port range on the internal server.  Specific port-forwards are generally best.  Port-forwards also let you specify the source IP address but I haven't played with that.
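The difference between the two approaches in this thread, as an added example that is not part of either post and is not pfSense code: a simplified two-stage model (translate, then filter on the translated destination) comparing 1:1 NAT with source-restricted port forwards. The trusted source 203.0.113.10, the untrusted source 198.51.100.7 and port 443 are constructed values, and the rule classes are hypothetical.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Nat:                        # hypothetical model of a WAN NAT entry
    ext: str                      # external address the packet was sent to
    internal: str                 # internal host it is rewritten to
    src: str = ANY                # source network the entry applies to
    dport: Optional[int] = None   # None = every port, as with 1:1 NAT

@dataclass(frozen=True)
class Pass:                       # hypothetical model of a WAN pass rule
    dst: str
    src: str = ANY
    dport: Optional[int] = None

def _match(pkt, src_net, dst, dport):
    return (ip_address(pkt.src) in ip_network(src_net)
            and pkt.dst == dst and dport in (None, pkt.dport))

def wan_inbound(pkt, nat_rules, pass_rules):
    """Return the internal address the packet reaches, or None if blocked."""
    for n in nat_rules:           # stage 1: destination is rewritten
        if _match(pkt, n.src, n.ext, n.dport):
            pkt = replace(pkt, dst=n.internal)
            break
    for p in pass_rules:          # stage 2: filter only sees the rewritten dst
        if _match(pkt, p.src, p.dst, p.dport):
            return pkt.dst
    return None                   # default deny

HOST = "192.168.0.1"
TRUSTED = "203.0.113.10/32"       # constructed allow-listed source

# 1:1 NAT: both external addresses collapse to HOST before filtering.
ONE_TO_ONE = [Nat("1.1.1.1", HOST), Nat("1.1.1.2", HOST)]
ONE_TO_ONE_PASS = [Pass(HOST)]

# Port forwards: 1.1.1.1 is translated only for the trusted source.
PORT_FWD = [Nat("1.1.1.1", HOST, src=TRUSTED, dport=443),
            Nat("1.1.1.2", HOST, dport=443)]
PORT_FWD_PASS = [Pass(HOST, dport=443)]
```

With the port forwards, an untrusted packet to 1.1.1.1 is never translated, so it keeps its external destination and falls through to the default deny.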