Port forwarding to an additional public IP instead of the WAN address

frog · Nov 8, 2023, 9:23 AM

Wan address example details 123.123.123.9 - 123.123.123.14 internal ips 192.168.155.245 and 246

Hi all, I have a bit of an issue in that I need to allocate a public ip to 2 internal devices (different ports) I would normally do this by just forwarding the wan address but there is another device using the ports I need to allocate.

I would also need said 2 internal devices to use that Public ip for outbound traffic.

So the wan ip would be 123.123.123.10 (it's gw .9)

I want port forwards of
123.123.123.11 TCP/UDP 5060-5060 192.168.155.245 - locked down to io 133.133.133.1 and 133.133.133.2
123.123.123.11 TCP/UDP 9000-9000 and 90-90 192.168.155.246 - locked down to io 133.133.133.1 and 133.133.133.2

123.123.123.11 TCP/UDP 10020-10532 192.168.155.246 - locked down to io 133.133.133.1 and 133.133.133.2

Then both 192.168.155.245 and 246 to use 123.123.123.11 for outbound access.

Hope that all makes sense and appreciate any help.

greenlight · Nov 8, 2023, 9:31 AM

@frog hi

how did you add your ip adresses on your pfsense?

is that like virtual ip's or every ip addresses has their router and gateway?

frog · Nov 8, 2023, 9:47 AM

@greenlight HI Thx for the prompt reply. I haven't added and virtual IP yet although can if needed. I know you have to do it for 1 to 1 nat, would I do it in the normal way ip alias?

It's a /29 so the firewall is aware it's in a subnet with 5 other IPs

frog · Nov 8, 2023, 9:51 AM

@greenlight actually that may be why it didn't work I have added the IP alias now and will try.

How do I configure the outbound nat rule for those 2 internal IP's to use the specific public IP outbound

greenlight · Nov 8, 2023, 9:56 AM

@frog actually, i have 3 gateways for outgoing,

firstly i added groups and i define my devices lan ip adresses there on firewall.

after then i adds rules on lan.

in that rule i choose that group which one use that gateway for outgoing in source. also i choose that gateway. it's work with it.

frog · Nov 8, 2023, 10:03 AM

@greenlight thx, are you gateways physical? ie' wan, wan2, etc? as my setup needs to go through the wan interface just on a different public ip

greenlight · Nov 8, 2023, 10:26 AM

@yes my gateways are physical.

but you need to gateways for outgoing connection. It doesn't matter physical or not. otherwise you can't set it.

you can not go outside without door. the door is your gateway and your defined ip. First you need to define the door, after then you can use and show others, which door you are use.

viragomann · Nov 8, 2023, 6:08 PM

@frog said in Port forwarding to an additional public IP instead of the WAN address:

How do I configure the outbound nat rule for those 2 internal IP's to use the specific public IP outbound

After you have assigned the IPs to pfSense you can use it in outbound NAT rules.

NAT 1:1 can also achieve, what you want, but this nats all incoming traffic (all ports) to the stated local IPs. If this is fine for you, then you can use it and don't need to configure outbound NAT rules.

For outbound NAT configuration, switch the outbound NAT into the hybrid mode. Then add a rule:
interface: WAN
protocol: any
source: 192.168.155.245/32 133.133.133.1
dest: any
translation: select 133.133.133.1

Add an additional rule for the other mapping.

frog · Nov 9, 2023, 7:57 AM

@viragomann

Thanks I didn't realise you could do a 1 to 1 nat to multiple internal ip's. That makes things much easier. I'll try that many thanks..

and Thanks to all the other contributors.

frog · Nov 9, 2023, 11:11 AM

@viragomann The 1:1 nat to the 2 internal Ip's worked so thanks for everyone's help. Much appreciated.