NAT With Multiple IPs Issue



  • I am a bit confused on why this is not working, here is my scenario

    -Pfsense management IP set to 1.1.1.1
    -1.1.1.2 set as a virtual IP
    -NAT 1:1 1.1.1.2 to 10.0.0.160

    When I try to Port Forward port 80 to 1.1.1.2 or 10.0.0.160 it brings me to the Pfsense management interface instead.

    What do I need to do so that if I am trying to access 1.1.1.2:80 that it knows to bring me to 10.0.0.160:80 ?



  • I'm making an assumption here that 1.1.1.1 is your WAN IP and that your internal LAN network is 10.0.0.x. It would help knowing if this is the case and what your firewall/NAT rules are before making any guesses. I also don't quite see how connecting to 10.0.0.160 (internally, I'm guessing - again) would take you to the PFS management console, unless you're doing some weird and wonderful routing somewhere.

    Start by posting screenshots of your NAT and firewall rules. And clarify which are your LAN and WAN connections, please.



  • @muswellhillbilly:

    I'm making an assumption here that 1.1.1.1 is your WAN IP and that your internal LAN network is 10.0.0.x. It would help knowing if this is the case and what your firewall/NAT rules are before making any guesses. I also don't quite see how connecting to 10.0.0.160 (internally, I'm guessing - again) would take you to the PFS management console, unless you're doing some weird and wonderful routing somewhere.

    Start by posting screenshots of your NAT and firewall rules. And clarify which are your LAN and WAN connections, please.

    1.1.1.1 = WAN IP #1
    1.1.1.2 = WAN IP #2

    10.10.10.1 = LAN Pfsense Mgmt IP
    10.0.0.160 = LAN Web Server

    My question is really, if you have 2 WAN IPs, how does pfsense know which to port forward if both are listening on the same port?


  • LAYER 8 Netgate

    Port forwards are an IP_Address:port combination.

    IP_Address1:80 can forward somewhere differently than IP_Address2:80.

    It is said again and again that port forwards take precedence over the firewall listening on a port yet COUNTLESS people report the same result as you are. Ima test this right now.


  • LAYER 8 Netgate

    System > Advanced, Admin Access tab

    Protocol: HTTPS
    TCP Port: blank
    WebGUI redirect: unchecked (enabled)

    Firewall > NAT, Port Forward tab

    Interface: WAN
    Protocol: TCP
    Destination: WAN address
    Destination port range: HTTP
    Redirect target IP: 172.26.0.100
    Redirect target port: HTTP
    Description: Pass HTTP to web server
    Filter rule association: Rule NAT Pass HTTP to web server (Auto-created)

    http://172.27.0.5/ I get the forwarded web server.

    I have no idea why people say they get the WebGUI. Probably testing from inside or something equally wrong.

    ![Screen Shot 2016-03-13 at 5.41.16 PM.png](/public/imported_attachments/1/Screen Shot 2016-03-13 at 5.41.16 PM.png)
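The matching behaviour described in the thread, as an added example that is not from any of the posters and is not pfSense code: a simplified model in which a port forward is keyed on interface, protocol, destination IP and port, and is consulted before the firewall's own listeners. It assumes the addresses given in the thread, NAT reflection turned off, and a constructed second web server at 10.0.0.161 used only in the test.

```python
from ipaddress import ip_address
from typing import NamedTuple


class Forward(NamedTuple):
    iface: str        # interface the rule is bound to
    proto: str
    dst_ip: str       # the specific address the client connected to
    dst_port: int
    target_ip: str
    target_port: int


# Addresses owned by the firewall itself (values taken from the thread).
FIREWALL_ADDRS = {"1.1.1.1", "1.1.1.2", "10.10.10.1"}
# Services the firewall listens on; port 80 is the WebGUI redirect.
LOCAL_LISTENERS = {("tcp", 80): "webgui-redirect", ("tcp", 443): "webgui"}
# The forward the original poster wants: virtual IP 1.1.1.2:80 to the web server.
RULES = [Forward("wan", "tcp", "1.1.1.2", 80, "10.0.0.160", 80)]


def deliver(iface, proto, dst_ip, dst_port, rules=RULES):
    """Return where a new connection ends up in this simplified model."""
    dst = ip_address(dst_ip)
    # 1. Port forwards are evaluated first and must match every field,
    #    including the interface the packet arrived on.
    for r in rules:
        if (r.iface, r.proto, r.dst_port) == (iface, proto, dst_port) \
                and ip_address(r.dst_ip) == dst:
            return ("forward", r.target_ip, r.target_port)
    # 2. No forward matched: traffic to one of the firewall's own addresses
    #    reaches its local listeners (filter rules still decide acceptance).
    if str(dst) in FIREWALL_ADDRS:
        return ("local", LOCAL_LISTENERS.get((proto, dst_port), "closed"))
    # 3. Anything else is routed unchanged.
    return ("route", str(dst), dst_port)


if __name__ == "__main__":
    for args in [("wan", "tcp", "1.1.1.2", 80),   # outside client, virtual IP
                 ("wan", "tcp", "1.1.1.1", 80),   # outside client, other WAN IP
                 ("lan", "tcp", "1.1.1.2", 80)]:  # test run from inside the LAN
        print(args, "->", deliver(*args))
```

In this model a test run from the LAN never matches the WAN-bound rule, so it lands on the WebGUI redirect even though the forward itself is correct.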

