2017 pfSense: How To NAT / Port Forward With a Multiple Wan / Fail over setup

Thank you! I'm loving your videos and your way of explaining things. You have a way of making it easy to understand all the concepts of what you are working with, even when things aren't straightforward. Great work.

cbutters

Thanks for the instructional tutorial, it is exactly the tip that I needed.

williamshenk

I really appreciated this video. I'm evaluating pfsense to replace my homebrew Linux router/firewall. I've actually 3 separate WAN interfaces and quite a number of port forwards on these interfaces. For my situation, it's just much too unwieldy to maintain each rule in triplicate for each interface. I see a feature request for supporting interface groups with NAT rules that's 8 years old, so I don't see that going anywhere any time soon. :)

So pfsense isn't for me, and I'm grateful that this video saved me a pile of time. Thanks! (My tone really doesn't come across properly in text, but I really do mean that in a totally not passive aggressive way. :))

anothercrappypianist

Nice video... but how did you configure the gateways parameters ?

FaustoM

Thanks! Is there a 1-to-many nat with pfsense like in Meraki appliance?

abrahamamit

Is it possible to use NAT reflection on WAN2? I have set it in the rule, however if I try to access port 80 or 443 with the WAN2 public IP from LAN the pfSense login page shows up instead of the forwarded port. From outside the network it works as expected. Trying the same from LAN with WAN1's IP it works.

sandroshu

Hi I’m trying to forward ICMP from two different WAN IP’s to the same internal IP. I can’t ping both wan IP’s at the same time. I can only ping one at a time. Is it possible to do?
It works if I change one of the rules to point to a different internal server.
Both WAN IP's are configured as Virtual IP's on interface "WAN".

HestnetIT

can you do a video with 4 WAN loadbalance and Failover?

kuyajamez

Tengo el FW con 2 ISP diferentes, los tengo en el balanceador de carga. También puedo configurar VPN IPSEC en cada ISP pero necesito que sean conmutables entre ellos en caso de caida de alguno de los 2 ISP. como se configura esa conmutación?

horaciosilvaporras

i am connected to my isp via radio. the radio has an ip address of 10.x.x.x/24, my public ip address is 41.x.x.x my internal ip address is 192.168.1.0/24 how do i configure port forwarding with this setup?

sdkoncepts

Is there more configuration that needs to be done under Firewall > Virtual IPs to get the static ip's to resolve when one network fails? I setup an IP Alias for each Static IP on the failover block with WAN2 for the interface, but when I unplug the main network these ip's won't resolve.

AdamShrum

Awesome. I've subscribed to your channel. I'd love to see more pfsense videos, if you feel so inclined.

joeyl.

what should I look at for installing SSDs into a PFSense box?

I am told that SSDs often fail with PFSense due to the number of writes.

please do a tutorial.

TheRangeControl

I'm trying something similar, but I only need port forward on 1 WAN interface however I cannot it to work. I have 2 WANs, the first is a 1G fibre circuit, but its not got static IP, and is using CGNAT, the other WAN is only 30Mbps and has static IP. I want all outbound connections to use the 1G WAN, and I want port forward on on the WAN with static IP. The 1G WAN is set as the default route. When I capture all interfaces with tcpdump, I see that PrtFwd is applied and I see the SYN on the internal server, and the SYN+ACK is sent out from the server, and PFS sends it out via the 1G WAN, not good. I also tried adding Source NAT, so that the client IP is replaced with an IP in the slow WAN range, and although NAT appears to work correctly, the SYN+ACK packet is still sent out on the 1G WAN and not the slow WAN. I also tried adding some policy routing, to set the GW as the 30M WAN, and still it always goes via the 1G WAN. Anybody got any ideas what is going wrong ?

nwzmedia

Hi can you make tutorial about "how to setup dnscrypt on pfsense"

rendygunardi

I have a zbox ci323 running pfsense to have a cpu that can encrypt and decrypt my 150mbit traffic fast enough through my vpn provider. Then Netflix started blocking vpn connections and my kids watch a lot of netflix so i had to find a way to only route specific clients through vpn. I combined several guides and a week of trying but it has now been running perfectly for 8 months. I think more people will have this usecase but there isn't a good guide/video on the subject. It would be great if you made that video. I can provide the info i used to set it all up and share my pfsense config.

philipdijkstra

Ok let me start with this: I use Spectrum for my ISP, I have a netgear wireless bow connected to it. Before I set up this pfsense box. I could port forward into my netgear wireless router, ssh in to any of my computer that I setup. This is all I want do. But this is the hardest setup I have ever encountered. I tried what you show in the video and I still cant get to my computers.

EarnestRedwoodLINUXMASTER

Can I use virtualbox for practice in MAC? thanks

kjvenus

Queston: Can i use failover on two pfsense?. Can you give me a link how to configure this setup sir. Thank you.

shielloujabonga

So I am trying to set up a public gameing server for games like space engineer, minecraft, and any thing else but I don't want to have the problems of people hacking into my ip address could you do a video on this

tko_