    NAT and aliases

    • E
      edmund last edited by

      Can I create a single alias in pfSense for a range of ports e.g. 25, 80, 443, 465, 993, 995, 1000 and have a single NAT rule that will redirect all the ports through to a single LAN address?

      The project here is to move a mail server that is currently bridged to the WAN via an OPT interface inside the firewall but allow access from outside the firewall.

      • V
        viragomann last edited by

        Yes. You have to enter this alias at "Destination port range" as well as at "Redirect target port" in the NAT rule.

        • E
          edmund last edited by

          @viragomann:

          Yes. You have to enter this alias at "Destination port range" as well as at "Redirect target port" in the NAT rule.

          Thanks - that works and simplifies the configuration a lot.

          • J
            jurgens last edited by

            @viragomann:

            Yes. You have to enter this alias at "Destination port range" as well as at "Redirect target port" in the NAT rule.

            Does this also work for multiple hosts at once? For example I create 3 aliases:
            1. host alias HostsExternal = 4 external IPs
            2. host alias HostsInternal = 4 internal IPs (192.168.x.x)
            3. port alias Ports = 80,443 (hosting websites)

            Can I create 1 single NAT port forward rule to host 4 sites in HTTP and HTTPS on 4 IPs?

            Trick question: what if the number of hosts does not match in the 2 aliases? What will happen then?

            • D
              doktornotor Banned last edited by

              @jurgens:

              Does this also work for multiple hosts at once?

              No.

              • J
                jurgens last edited by

                @doktornotor:

                @jurgens:

                Does this also work for multiple hosts at once?

                No.

                It does allow me to create the rule, but I have no means of testing it without putting it live. So is the limit that you can have 1 'range' alias (port OR host) and not 2? So in my example I can create 2 rules one for forwarding port 80 on my IP range and one for 443, correct? This would be shorter than making the rule per host for the 2 ports.

                • D
                  doktornotor Banned last edited by

                  No. No range for hosts. (You can use subnets with 1:1 NAT).

                  • J
                    jurgens last edited by

                    @doktornotor:

                    No. No range for hosts. (You can use subnets with 1:1 NAT).

                    Just to make sure: I'm not talking about a subnet, but a host alias that has a number of hosts. So this means I have to make a NAT forward rule per IP or use 1:1 NAT with one rule per IP (the IPs do not form a complete subnet).

                    That seems odd to me. My cheap Netgear router that this pfSense box will replace can do that. Simple rule like Service=https, Filter=Allow, Destination=externalIP1-externalIP2, LAN=internalIP1-internalIP2.

                    • D
                      doktornotor Banned last edited by

                      Do as you wish.
