Redirect traffic between LAN and OPT1
-
In pfSense, I have two network cards, one connected to a network 192.168.56.2 which is the LAN network and the other one is connected to the network 192.168.58.2 which is the OPT1 network; these are the two IP addresses that each of the cards has in the pfSense service. I have a server on the network 192.168.56.5 that has a website on port 8080; then I have a client on the network 192.168.58.16. How can I use port forwarding so that when I make a request to the address 192.168.58.2:8080 it redirects me to the address 192.168.56.5:8080?
-
@termal71 It’s uncommon to use the gateway’s IP like that… normally one would use either NAT reflection on the WAN IP so an existing port forward works internally, or use split DNS to connect to the server directly if you’re on the same network.
Have you tried creating a NAT rule on OPT1? (Not sure offhand if it will let you)
-
@steveits It isn't the gateway; those are IPs that I set manually, for example 192.168.56.60. I only use them because they are short and easy to remember. I have 2 different networks and I want to redirect the traffic of the server from one network to the other. I don't want to use WAN, because these are 2 different internal networks and I want to connect using port forwarding.
-
@termal71
58.2 is pfSense? A client on 58.x can connect to 58.2, or 56.5 directly. The latter requires a firewall rule since OPT1 will have no rules by default.
-
@steveits Yes, 192.168.56.2 and 192.168.58.2 are the addresses of the pfSense. I don't know what rules I have to use to do the port forwarding correctly.
-
@termal71 I've never had to do it but I'm pretty sure you can create the port forward on the OPT1 network, source of OPT1 Net, destination 192.168.58.2:8080 redirect target IP of 192.168.56.5:8080.
I don't really understand why clients on OPT1 can't attempt to connect directly to 56.5 though? That would just be a firewall rule on OPT1 allowing OPT1 Net to connect to 192.168.56.5 port 8080, and no port forwarding necessary. pfSense will route between the networks. Unless pfSense isn't the router/gateway for those networks, in which case the router would typically do this and a second pfSense router isn't normally necessary.
-
@steveits I tried what you said, but it doesn't work. I'm posting a screenshot of what I did.
-
@termal71 Ensure any firewall on the 56.5 server allows connections from the 58.x network.
This post talks about an outbound NAT rule https://forum.netgate.com/topic/179251/port-forwarding-on-lan-interface/6 but I think that's just to get around the server only listening on its own network.
Edit: https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat-port-forwards.html
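
Added example, not part of the thread and not pfSense code: a small Python model of the packet path discussed above. It shows why the OPT1 firewall rule has to match the translated destination (192.168.56.5:8080), because pfSense applies the port forward before it evaluates the interface rules. The /24 masks, the dictionary rule format and the function names are assumptions made for the illustration.

```python
# Simplified model (assumptions: /24 networks, TCP only, pass rules only) of a
# packet arriving on OPT1: the port forward rewrites the destination first,
# then the OPT1 firewall rules are checked against the rewritten packet.
from ipaddress import ip_address, ip_network

OPT1_NET = ip_network("192.168.58.0/24")

# Port forward from the thread: OPT1 net -> 192.168.58.2:8080 => 192.168.56.5:8080
PORT_FORWARDS = [
    {"iface": "OPT1", "src": OPT1_NET, "dst": "192.168.58.2", "dport": 8080,
     "target": ("192.168.56.5", 8080)},
]

def translate(iface, src, dst, dport, forwards=PORT_FORWARDS):
    """Apply the first matching port forward; return (dst, dport) after NAT."""
    for f in forwards:
        if (f["iface"] == iface and ip_address(src) in f["src"]
                and dst == f["dst"] and dport == f["dport"]):
            return f["target"]
    return dst, dport

def filter_pass(iface, src, dst, dport, rules):
    """True if a pass rule matches; no matching rule means blocked (default deny)."""
    for r in rules:
        if (r["iface"] == iface and ip_address(src) in r["src"]
                and dst == r["dst"] and dport == r["dport"]):
            return True
    return False

def deliver(iface, src, dst, dport, rules):
    """Return the final (ip, port) the packet reaches, or None if blocked."""
    new_dst, new_port = translate(iface, src, dst, dport)
    if filter_pass(iface, src, new_dst, new_port, rules):
        return new_dst, new_port
    return None

# Rule written against the pre-NAT address: never matches the translated packet.
RULE_PRE_NAT = [{"iface": "OPT1", "src": OPT1_NET, "dst": "192.168.58.2", "dport": 8080}]
# Rule written against the internal server: matches after translation.
RULE_POST_NAT = [{"iface": "OPT1", "src": OPT1_NET, "dst": "192.168.56.5", "dport": 8080}]

if __name__ == "__main__":
    client = "192.168.58.16"  # client address from the question
    for name, rules in [("no rules", []), ("pre-NAT rule", RULE_PRE_NAT),
                        ("post-NAT rule", RULE_POST_NAT)]:
        print(name, "->", deliver("OPT1", client, "192.168.58.2", 8080, rules))
```

The same post-NAT rule also covers the direct connection to 192.168.56.5:8080 suggested in the thread, with no port forward involved.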