Basic Questions on NAT, PortFWD, and FW
-
Setting up a mail server behind PF w/ Static IP
A few basic fundamental questions:
Is Port Forwarding + NAT + FW Rules all required for specific protocols to properly traverse the FW?
If I have a static WAN IP for my mail server I would set up a NAT for routing the traffic back and forth. Do I have to then set up Port Forwarding for IMAP, SSH, SMTP… And then set up appropriate FW rules. Or can I just do NAT and FW rules - do I have to do port forwarding?
Also - If I setup Alias for mail server ports - how can I use this alias group on port forwarding page? It looks like you can only forward a single port or continuous ports per rule? Is that correct?
Would the port alias group only be used on a FW rule?
Thanks for clarity,
Scopa
-
Is Port Forwarding + NAT + FW Rules all required for specific protocols to properly traverse the FW?
If I have a static WAN IP for my mail server I would set up a NAT for routing the traffic back and forth. Do I have to then set up Port Forwarding for IMAP, SSH, SMTP… And then set up appropriate FW rules. Or can I just do NAT and FW rules - do I have to do port forwarding?
In the pfSense environment you implement port forwarding by going to Firewall->NAT->Port Forward and creating the forwarding you need.
Once you click Save and Apply Changes, a new rule is also created under Firewall->Rules on the interface you selected in NAT to allow the forward. You can choose the protocol(s) you want to allow in NAT and the port for source and destination.
You can create port aliases and use them in NAT, although that's typically only useful if the source and destination ports are the same. For 3 or four services you want to handle, it's probably easier to create individual NAT entries. It will definitely make it easier to troubleshoot firewall problems if your traffic isn't all tied into one rule.
Gives you more flexibility in the future as well.
You can get a description of any of these pfSense pages by clicking the ? in the upper right corner of the WebGUI page.
Welcome to pfSense :)
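The port forward and its companion firewall rule described in the reply above, written out as a hand-made FreeBSD pf ruleset. This is an added example, not part of the original posts and not output generated by pfSense. The interface name, the addresses (documentation ranges) and the admin_hosts table are assumptions.

```conf
# Constructed example in FreeBSD pf syntax (the packet filter pfSense is built on).
# Assumed values: em0 = WAN interface, 203.0.113.10 = static WAN IP,
# 192.168.1.10 = mail server on the LAN, 198.51.100.7 = an admin workstation.
ext_if     = "em0"
wan_ip     = "203.0.113.10"
mail_srv   = "192.168.1.10"
mail_ports = "{ 25, 143 }"      # SMTP and IMAP, same port outside and inside

table <admin_hosts> { 198.51.100.7 }

# Translation (the "Port Forward" part): rewrite the destination address of
# matching inbound packets. A list of ports works here because the external
# and internal port numbers are identical. This line alone permits nothing.
rdr on $ext_if inet proto tcp from any to $wan_ip port $mail_ports -> $mail_srv

# SSH as its own entry, so it can be filtered and troubleshot separately.
rdr on $ext_if inet proto tcp from any to $wan_ip port 22 -> $mail_srv port 22

# Filtering (the "Firewall Rules" part): pf evaluates filter rules after rdr
# has rewritten the packet, so the pass rules match the internal address of
# the mail server, not the WAN IP.
block in log on $ext_if all
pass in on $ext_if inet proto tcp from any to $mail_srv port $mail_ports
pass in on $ext_if inet proto tcp from <admin_hosts> to $mail_srv port 22
```

Both halves are needed: without the rdr line the packet never reaches the mail server, and without the matching pass line the translated packet is dropped by the block rule.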