Netgate Discussion Forum
    Do a lot of Port Forwarding Rules impact traffic speed?

    Esbit

      Hi guys,

      This week I changed the firewall server of our company from a very old TMG to a shiny new server with pfSense running on it.

      After installing and doing the basic configuration everything was working fine and the speed was a snappy 100 Mbit/s up and down.

      Our setup is the following:

      The ISP provides us with 254 public IPs which are all (except ..***.1 which is the ISP modem) configured as Virtual IPs of the WAN interface.
      Behind pfSense are now hundreds of machines, which are provided with IP addresses just fine and can access the internet.
      About 250 of these machines need port forwarding of at least 2 ports.

      So I created a NAT port forwarding rule for every machine, so that the external IP ..***.xxx maps to the internal IP 10.0.0.xxx, for example for the ssh protocol.

      NAT worked fine, tested it from outside of our network. But with every rule my connection speed got slower. I'm not sure if it really is caused by the NAT rules or if I'm looking at the wrong places.

      Now I'm at approx. 520 rules, and those are not even the custom ones that special servers need in addition to the two I already forwarded…

      Loading a website from within the network takes several seconds up to a minute instead of an almost instant load.

      Has anyone experienced such behavior and found a solution? Or am I just naive to think 500+ rules would just work like a dream?

      tl;dr: Do a lot of Port Forwarding Rules impact traffic speed?

      Cheers, Esbit

      santello

        Did you try the NAT outbound with Translation pool options?

        cmb

          500 isn't all that many. Certainly wouldn't have any significant impact on performance. You have something else going on there. Capture the traffic from the slow requests, see what it's doing and not doing.

          Esbit

            Okay… xD

            First of all, thanks for your replies!

            I thought so, too, that 500 rules should be nothing. And in the end it wasn't that.

            The next day I opened pfSense and saw, thanks to Darkstat, that we had one server that was just blocking the whole bandwidth. All the time. Soooo, blocked it and now it's working like a dream!

            Thanks again! The thread can be closed :)

            Cheers,
                Esbit

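The fix in this thread was finding the one host that was saturating the link, not trimming the rule count. The script below is an added example, not pfSense or Darkstat code: it takes two snapshots of per-host cumulative byte counters (the kind of table Darkstat shows), turns them into per-host rates, and flags any host using more than a given share of the 100 Mbit/s link mentioned in the thread. The host names, byte counts and interval are constructed, and the 50% threshold is an assumption you would tune to your own link.

```python
"""Top-talker check from two per-host traffic counter snapshots.

Added example (not pfSense's or Darkstat's own code). Assumes per-host
cumulative byte counters (in + out) sampled twice, `interval_s` seconds
apart; all sample data below is constructed.
"""
from dataclasses import dataclass

LINK_BPS = 100_000_000  # 100 Mbit/s link, as in the thread


@dataclass
class HostRate:
    ip: str
    bits_per_second: float
    share: float  # fraction of link capacity this host is using


def host_rates(before: dict, after: dict, interval_s: float) -> list:
    """Convert two snapshots of {ip: cumulative_bytes} into per-host rates,
    sorted from heaviest to lightest talker."""
    rates = []
    for ip, cum_after in after.items():
        cum_before = before.get(ip, 0)
        delta = cum_after - cum_before
        # A counter that went backwards means it was reset (host or daemon
        # restarted); treat the post-reset value as the traffic since then.
        if delta < 0:
            delta = cum_after
        bps = delta * 8 / interval_s
        rates.append(HostRate(ip, bps, bps / LINK_BPS))
    rates.sort(key=lambda r: r.bits_per_second, reverse=True)
    return rates


def hogs(rates: list, share_threshold: float = 0.5) -> list:
    """Hosts consuming at least `share_threshold` of the link (assumed 50%)."""
    return [r for r in rates if r.share >= share_threshold]


def link_utilisation(rates: list) -> float:
    """Fraction of link capacity consumed by all hosts combined."""
    return sum(r.bits_per_second for r in rates) / LINK_BPS


# Constructed snapshots, 60 seconds apart. 10.0.0.17 plays the role of the
# server that was "blocking the whole bandwidth"; 10.0.0.9 shows a counter
# reset so the wrap-around branch is exercised.
SNAPSHOT_A = {"10.0.0.5": 1_000_000, "10.0.0.9": 50_000_000, "10.0.0.17": 0}
SNAPSHOT_B = {"10.0.0.5": 13_000_000, "10.0.0.9": 3_000_000, "10.0.0.17": 690_000_000}
INTERVAL_S = 60


def report() -> list:
    """Rates for the constructed snapshots, heaviest host first."""
    return host_rates(SNAPSHOT_A, SNAPSHOT_B, INTERVAL_S)


if __name__ == "__main__":
    rates = report()
    for r in rates:
        print(f"{r.ip:12} {r.bits_per_second / 1e6:8.2f} Mbit/s  {r.share:6.1%}")
    for h in hogs(rates):
        print(f"HOG: {h.ip} is using {h.share:.0%} of the link")
    print(f"total utilisation: {link_utilisation(rates):.0%}")
```

Run it on two exports of your own per-host counters taken a minute apart; a single host sitting near the top with a share close to 1.0 is the same symptom Esbit found, and is worth looking at before suspecting the NAT rule set.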
            Harvy66

              Isn't this what 1:1 NAT is for?

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.