[pfSense] port forwarding LAN to LAN

Moshe Katz moshe at ymkatz.net
Tue May 1 11:49:34 EDT 2012

The way we do it in my office is using Split DNS.  We have DNS servers in a
datacenter that resolve public queries for our servers and return the
public IP addresses.  We also have internal DNS (we are using a server but
you can use the pfSense's built-in DNS server) and our names point to the
private internal addresses.

For example, DNS for our web site is 71.179.xxx.xxx in our offsite DNS but
it is 192.168.xxx.xxx in our internal DNS.

This has the added benefit of taking a substantial load off of the pfSense
hardware because it doesn't have to do NAT translation between addresses on
the same side of the network.  That capacity is then available for real
incoming and outgoing connections.  We also see great speed improvements
because we have a gigabit internal network but our pfSense throughput is
closer to 100mbit.

It is a little bit more work to maintain two sets of DNS records but it
simplifies configuration and improves response times from the server.


Moshe Katz
-- moshe at ymkatz.net
-- +1(301)867-3732

On Tue, May 1, 2012 at 10:30 AM, Nelson Serafica <ntserafica at gmail.com>wrote:

> I've pfsense with port forwarding running fine if the rules is WAN to
> LAN but if the rules is LAN to LAN. It doesn't work. I'm using DSL and
> if WAN is down, local users cannot access the server because the ip on
> WAN is not available. To resolve this issue, I use dynamic forwarder
> and point the domain to the LAN Interface of pfsense and create a NAT
> rule from the LAN interface redirecting port 587 to Server A port 587.
> Server A has the same subnet of LAN Interface.
> e.g. LAN interface is I want to port forward port
> 587 to port 587. Is this possible?
> _______________________________________________
> List mailing list
> List at lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120501/112c5392/attachment.html>

More information about the List mailing list