Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can the firewall create NAT rules

    NAT
    2
    4
    2.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nsumner
      last edited by

      Okay that might be confusing so let me explain.

      inside1 (192.168.17.100)                  inside2 (192.168.17.101)

      Connecting from outside I have 2 clients (bogus IPs used)

      outside1 192.117.115.114, when he connects on port 80 (from his and "only his") IP he connects to inside1.

      Outside2 192.117.115.115 when he connects to port 80 he is directed to inside2.

      I am told that this can be done manually but right now it doesn't do so automatically. Really it would in a sense mean that to create NAT rules you use firewall rules (at least most likely). It would also simplify things and reduce user errors. For example I wanted to open port 443 to the Pfsense box to my work machine (which has it's own real static IP). I couldn't get this working until I realized I had to create the NAT rule and then modify the firewall rule it created to limit IPs.

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        You are talking about nat based on the source IP. This is not possible with pfSense 1.0 by only using the webgui. Doing that at the backend is not recommended as NATs and Firewallrules are alway created from the config.xml and your customizations most likely will be overwritten by doing other changes sooner or later or on reboots.

        1 Reply Last reply Reply Quote 0
        • N
          nsumner
          last edited by

          Any chance we can beg pretty pretty please to get this in 1.1?

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            I added it to our "not ready yet but cool to have at some point" feature list. Stay tuned  ;)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.