Netgate Discussion Forum

    Quick clarification on Firewall to use NAT or Rules?

      eiger3970

      Hello, sorry for the silly question, however my notes show to port forward using pfSense > Firewall > NAT, as per How can I forward ports with pfSense.

      However, I remember some pfSense people saying to use pfSense > Firewall > Rules.
      I have problems with port forwarding and currently use pfSense > Firewall > NAT.

        tjsummers51l

        Using NAT to set up port forwarding simplifies the two-step process and links them so that if you change the NAT settings, the corresponding firewall rule will be updated automatically.

          eiger3970

          Thank you for the reply.
          So I've set the port forwards in pfSense, however SSH still won't access my computer behind pfSense.

          Could another unknown IDS be blocking packets?
          Maybe I need to use a traffic analyser to test where the packets are being stopped?

            Derelict LAYER 8 Netgate

            If you post the rule we can see if you're maybe doing something incorrectly.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              eiger3970

              Good idea.
              Oops, attachments aren't working on pfSense?

                A Former User

                @eiger3970:

                Hello, sorry for the silly question, however my notes show to port forward using pfSense > Firewall > NAT, as per How can I forward ports with pfSense.

                However, I remember some pfSense people saying to use pfSense > Firewall > Rules.
                I have problems with port forwarding and currently use pfSense > Firewall > NAT.

                When to use NAT: When you have a public IP that is translated to a private one. An IP of 1.1.1.1 getting translated to 192.168.1.1. Network Address Translation.

                When to use pure rules: When you have a public IP assigned to a host behind pfSense. pfSense needs to merely decide if it should forward a packet to a host that is "directly" reachable (meaning it doesn't need to do any translation to get to it, I know even NAT hosts are directly reachable from the router's POV).

                In both cases remember that you are viewing the rule with the remote client's POV. A source port of 80 doesn't necessarily mean port 80 will be forwarded to the webserver. In the remote client's POV, your source 80 is his destination 80.

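The two cases discussed in this thread, as an added example that is not part of any post and is not pfSense code: a small Python model of the order pfSense applies to an inbound WAN packet, port forward first, then the WAN rules evaluated against the already translated packet, with everything else blocked by default. All class and function names and the addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class PortForward:            # models one Firewall > NAT > Port Forward entry
    ext_ip: str
    ext_port: int
    target_ip: str
    target_port: int

@dataclass(frozen=True)
class PassRule:               # models one pass rule on WAN; sport None means "any"
    dst: str
    dport: int
    sport: Optional[int] = None

def translate(pkt, forwards):
    """Step 1: rewrite the destination if a port forward matches."""
    for f in forwards:
        if (pkt.dst, pkt.dport) == (f.ext_ip, f.ext_port):
            return replace(pkt, dst=f.target_ip, dport=f.target_port)
    return pkt

def allowed(pkt, rules):
    """Step 2: rules are matched against the translated packet; default is block."""
    return any(r.dst == pkt.dst and r.dport == pkt.dport
               and r.sport in (None, pkt.sport) for r in rules)

def inbound(pkt, forwards, rules):
    """Return the (ip, port) the packet is delivered to, or None if blocked."""
    out = translate(pkt, forwards)
    return (out.dst, out.dport) if allowed(out, rules) else None

# Constructed sample: SSH client on an ephemeral source port hitting the WAN address.
CLIENT = Packet("198.51.100.7", 51514, "203.0.113.10", 22)
FWD = [PortForward("203.0.113.10", 22, "192.168.1.10", 22)]

if __name__ == "__main__":
    print("NAT + rule on internal IP:", inbound(CLIENT, FWD, [PassRule("192.168.1.10", 22)]))
    print("NAT + rule on public IP  :", inbound(CLIENT, FWD, [PassRule("203.0.113.10", 22)]))
    print("Routed public IP, rule only:", inbound(CLIENT, [], [PassRule("203.0.113.10", 22)]))
```

The second case models a hand-written rule that targets the public address after a port forward has already rewritten the destination, so nothing matches and the packet is blocked; a rule with a source port set fails the same way because the client connects from an ephemeral port.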