NAt vs Firewall rule

[reep]

Hi,

I'm trying to create some NAT Port forwards from the outside world to my server.

I have two main ADSL WAN connections

I can see in Firewall rules I can make a rule and select multiple interfaces for incoming traffic so I could create one rule that says 'For all incoming traffic for port 80 forward to 192.168.1.100'

But I believe I should really create a NAT Port Forward and for this it seems you can only pick one interface which means I need two rules for each port, one for WAN 1 and one for WAN 2. Is this correct or am I going mad or doing something wrong ?

I also wonder how this works with Multi WAN ?

B. Rgds
John

[srijan]

You need to create Port Forwards for each WAN (WAN1 and WAN2). This will let you access the webserver on each WAN IP i.e. http://WAN1 or http://WAN2. If you have a domain name, rather stick to one Port forward on only one WAN interface.

While configuring it if you let Opnsense create firewall rules, it will do so automatically under each WAN.

Multi WAN is used in case you want to failover WAN1 and WAN2 in scenarios when one goes down or load balance traffic between WAN1 and WAN2.

[reep]

OK, I did wonder about this.

I'll log it as a NFR.... you can 'multi' assign for a standard firewall rule but not NAT.

B. Rgds
John

[reep]

As a follow up to this I created

https://github.com/opnsense/core/issues/1172

The simple(ish) answer is that you can 'Multi Select' WAN interfaces in Firewall rules, but not in NAT Port Forwards.

However, you can use Interfaces/Other Types/Groups and and then use the Group in the rules.

It would probably be better to either drop Multi Select and just use groups, or vice versa but that make may a mess of peoples current settings.

I may try and add some info in a HOWTo in due course.

B. Rgds
John