Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT With Multiple IPs Issue

    Scheduled Pinned Locked Moved NAT
    5 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Pfsenseuser24
      last edited by

      I am a bit confused on why this is not working, here is my scenario

      -Pfsense management IP set to 1.1.1.1
      -1.1.1.2 set as a virtual IP
      -NAT 1:1 1.1.1.2 to 10.0.0.160

      When I try to Port Forward port 80 to 1.1.1.2 or 10.0.0.160 it brings me to the Pfsense management interface instead.

      What do I need to do so that if I am trying to access 1.1.1.2:80 that it knows to bring me to 10.0.0.160:80 ?

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        I'm making an assumption here that 1.1.1.1 is your WAN IP and that your internal LAN network is 10.0.0.x. It would help knowing if this is the case and what your firewall/NAT rules are before making any guesses. I also don't quite see how connecting to 10.0.0.160 (internally, I'm guessing - again) would take you to the PFS management console, unless you're doing some wierd and wonderful routing somewhere.

        Start by posting screenshots of your NAT and firewall rules. And clarify which are your LAN and WAN connections, please.

        1 Reply Last reply Reply Quote 0
        • P
          Pfsenseuser24
          last edited by

          @muswellhillbilly:

          I'm making an assumption here that 1.1.1.1 is your WAN IP and that your internal LAN network is 10.0.0.x. It would help knowing if this is the case and what your firewall/NAT rules are before making any guesses. I also don't quite see how connecting to 10.0.0.160 (internally, I'm guessing - again) would take you to the PFS management console, unless you're doing some wierd and wonderful routing somewhere.

          Start by posting screenshots of your NAT and firewall rules. And clarify which are your LAN and WAN connections, please.

          1.1.1.1 = WAN IP #1
          1.1.1.2 = WAN IP #2

          10.10.10.1 = LAN Pfsense Mgmt IP
          10.0.0.160 = LAN Web Server

          My question is really, if you have 2 WAN IPs, how does pfsense know which to port forward if both are listening on the same port?

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Port forwards are an IP_Address:port combination.

            IP_Address1:80 can forward somewhere differently that IP_Address2:80.

            It is said again and again that port forwards take precedence over the firewall listening on a port yet COUNTLESS people report he same result as you are. Ima test this right now.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              System > Advanced, Admin Access tab

              Protocol: HTTPS
              TCP Port: blank
              WebGUI redirect: unchecked (enabled)

              Firewall > NAT, Port Forward tab

              Interface: WAN
              Protocol: TCP
              Destination: WAN address
              Destination port range: HTTP
              Redirect target IP: 172.26.0.100
              Redirect target port: HTTP
              Description: Pass HTTP to web server
              Filter rule association: Rule NAT Pass HTTP to web server (Auto-created)

              http://172.27.0.5/ I get the forwarded web server.

              I have no idea why people say they get the WebGUI. Probably testing from inside or something equally wrong.

              ![Screen Shot 2016-03-13 at 5.41.16 PM.png](/public/imported_attachments/1/Screen Shot 2016-03-13 at 5.41.16 PM.png)
              ![Screen Shot 2016-03-13 at 5.41.16 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-03-13 at 5.41.16 PM.png_thumb)

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.