Multiple source networks to one destination port.



  • I need to be able to set up NAT rules to allow me to direct a number of netblocks to the same destination IP and port on the LAN side of the firewall.
    Example:
    Net block 79.135.125.0/24 plus 87.238.72.128/26 plus 78.40.243.192/27 to destination IP xxx.xxx.xxx.xxx port 5000, for example.

    I find that I can set up a NAT rule for the first netblock (79.135.125.0/24 in this example). When I come to add a second rule pointing to the same destination and port I get the following error:

    The following input errors were detected:
    • The destination port range overlaps with an existing entry.

    What am I doing wrong or missing?

    Thank you


  • Rebel Alliance Global Moderator

    And why would you not just create the NAT to your IP and port, and then limit who could access it via your firewall rule?

    You cannot create more than one NAT to the same IP and port.



  • Thank you for responding.

    Now I need a little help to get my head around how I would configure that in.
    Would I construct a series of rules like the following, using what I wrote in my original post?

    Block not 79.135.125.0/24 destination xxx.xxx.xxx.xxx
    then
    Block not 87.238.72.128/26 destination xxx.xxx.xxx.xxx
    etc
    then last would be the NAT, which would forward anything to xxx.xxx.xxx.xxx port 5000

    I tried the above to see if it worked. I removed the NOT tick, so as I understand it traffic should then have been blocked for the address blocks.
    However, I found that traffic was getting through on the final rule/NAT. I had the rules ordered such that the block rules were before the NAT rule.

    So I am missing something; can you please clarify your post?

    Moving from IPCOP to pfsense has been relatively trouble free apart from this issue.
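As an added illustration (not code from the thread or from pfSense), the following simulates first-match rule evaluation to show why a chain of "block not netblock" rules drops everyone, why dropping the NOT tick lets everyone else through, and how the moderator's approach of one port forward restricted by a single source alias behaves. The destination address 192.0.2.10 and the sample source addresses are constructed placeholders; the three netblocks and port 5000 come from the original post.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Netblocks from the thread; destination host is a constructed placeholder
# (the post redacts it), port 5000 is the forwarded port from the post.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in
                   ("79.135.125.0/24", "87.238.72.128/26", "78.40.243.192/27")]
ANY = ipaddress.ip_network("0.0.0.0/0")
PORT = 5000

@dataclass
class Rule:
    action: str                          # "pass" or "block"
    sources: List[ipaddress.IPv4Network]  # a single network or an alias
    negate: bool = False                 # the "not" tick on the source field
    port: Optional[int] = None           # None matches any destination port

    def matches(self, src, dport):
        in_src = any(src in n for n in self.sources)
        if self.negate:
            in_src = not in_src
        return in_src and (self.port is None or self.port == dport)

def evaluate(rules, src_ip, dport, default="block"):
    """First matching rule wins, as on a pfSense interface rule list;
    nothing matching falls to the implicit default block."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.matches(src, dport):
            return r.action
    return default

# Poster's attempt with the NOT tick: every source fails at least one of the
# negated block rules, so nothing ever reaches the pass rule.
attempt_not = [Rule("block", [n], negate=True) for n in ALLOWED_SOURCES]
attempt_not.append(Rule("pass", [ANY], port=PORT))

# Same attempt without the NOT tick: only the allowed nets are blocked,
# and everyone else is passed by the NAT's rule ("traffic was getting through").
attempt_plain = [Rule("block", [n]) for n in ALLOWED_SOURCES]
attempt_plain.append(Rule("pass", [ANY], port=PORT))

# Moderator's suggestion: one port forward whose associated firewall rule
# has the source set to an alias holding all three netblocks.
alias_based = [Rule("pass", ALLOWED_SOURCES, port=PORT)]

if __name__ == "__main__":
    for ip in ("79.135.125.10", "87.238.72.130", "203.0.113.5"):
        print(ip, evaluate(attempt_not, ip, PORT),
              evaluate(attempt_plain, ip, PORT), evaluate(alias_based, ip, PORT))
```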