Can the firewall create NAT rules


  • Okay that might be confusing so let me explain.

    inside1 (192.168.17.100)                  inside2 (192.168.17.101)

    Connecting from outside I have 2 clients (bogus IPs used)

    outside1 192.117.115.114, when he connects on port 80 (from his and "only his") IP he connects to inside1.

    Outside2 192.117.115.115 when he connects to port 80 he is directed to inside2.

    I am told that this can be done manually but right now it doesn't do so automatically. Really it would in a sense mean that to create NAT rules you use firewall rules (at least most likely). It would also simplify things and reduce user errors. For example I wanted to open port 443 to the pfSense box to my work machine (which has its own real static IP). I couldn't get this working until I realized I had to create the NAT rule and then modify the firewall rule it created to limit IPs.


  • You are talking about NAT based on the source IP. This is not possible with pfSense 1.0 by only using the web GUI. Doing that at the backend is not recommended, as NATs and firewall rules are always created from the config.xml and your customizations will most likely be overwritten by other changes sooner or later, or on reboots.


  • Any chance we can beg pretty pretty please to get this in 1.1?


  • I added it to our "not ready yet but cool to have at some point" feature list. Stay tuned  ;)
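
The source-based redirect discussed in this thread, written out in plain pf.conf syntax as an added illustration (not part of any post above and not rules generated by pfSense). The interface name `em0` and the macro names are assumptions; the addresses are the bogus ones from the first post.

```pf
# Added illustration in stock pf.conf syntax, for a stand-alone pf host.
# On pfSense the ruleset is generated from config.xml, as the reply above notes.
# Assumption: em0 is the WAN interface. Addresses are the thread's bogus IPs.
ext_if   = "em0"
outside1 = "192.117.115.114"
outside2 = "192.117.115.115"
inside1  = "192.168.17.100"
inside2  = "192.168.17.101"

# Translation: the client's source address selects the redirect target.
rdr on $ext_if inet proto tcp from $outside1 to ($ext_if) port 80 -> $inside1 port 80
rdr on $ext_if inet proto tcp from $outside2 to ($ext_if) port 80 -> $inside2 port 80

# Filtering: rdr is applied before the filter rules are evaluated, so the
# pass rules match the translated (inside) destination. Each pass rule
# repeats the source restriction so the filter does not admit clients
# the redirect was never meant for.
block in log on $ext_if all
pass in quick on $ext_if inet proto tcp from $outside1 to $inside1 port 80 flags S/SA keep state
pass in quick on $ext_if inet proto tcp from $outside2 to $inside2 port 80 flags S/SA keep state
```

A file like this can be syntax-checked without loading it using `pfctl -nf <file>`.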