Project

General

Profile

Actions
Copy link

New Content #16245

closed

Add VIP and Firewall Rules References to 1:1 NAT Configuration Example

Added by dylan mendez 3 months ago. Updated about 2 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

It's not currently clear in the docs that you need to create a VIP before the 1:1 NAT as well as Firewall Rules for 1:1 NAT to work properly.

https://docs.netgate.com/pfsense/en/latest/nat/1-1.html#nat-configuration-examples

This proved to be quite frustrating for a couple customers I've worked with.

Actions
Copy link
 #1

Updated by Jim Pingle about 2 months ago

  • Status changed from New to Rejected

I don't think there are any changes here that are necessary at the moment.

A virtual IP address is not required for all scenarios. For example, a whole block of addresses could be routed to the firewall from upstream.

That said, the "External subnet IP" option text in the docs already mentions the possibility of needing a VIP.

It's also explicitly listed in the bullet points here on that docs: https://docs.netgate.com/pfsense/en/latest/nat/1-1.html#configuring-1-1-nat-rules

Firewall rules are mentioned in various places on the page as well, and interactions between any NAT and firewall rule are well-covered all around the docs.

Actions
Copy link

Also available in: Atom PDF