How to use multiple WAN IP's

Hi, I am trying to replace my current firewall and am evaluating IPFire. I have a /29 block of IP addresses. 88-95. I can configure IPFire with 90 (gateway 89) and set up aliases for 91-94. Now I have a LAN device, lets say that I want to receive all traffic to .91 test1). I set up a rule:

  • source - Red network
  • NAT - destination NAT - Firewall Interface - test1
  • Destination -
  • Protocol - All

Do I need an SNAT rule for return traffic.

Now, I also want all traffic originating from to appear in the internet from 91. Does that then need an SNAT rule?

Is there any way of doing this all in one? In my current firewall router (ClearOS), it is a single 1-to-1 NAT entry which covers everything.

The matching SNAT rules (Masquerading) are automatically added so returning NAT’d traffic appears to come from the public WAN IP addresse(s).
Check Firewall → Firewall Options → Masquerading.


This is the default (used with public WAN addresses and private/non-routable LOCAL addresses).

Without Masquerading, the return traffic from private IP addresses on LOCAL networks (GREEN,ORANGE,BLUE) would be dropped as it is not routable on the public internet. The option to disable Masquerading is useful in edge cases for firewalling/routing private internal networks (where WAN and LAN both use private addresses, eg: a non-internet connected IPFire behind another IPFire).