Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IP source address

    Scheduled Pinned Locked Moved Firewalling
    7 Posts 2 Posters 361 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Gianni71
      last edited by

      Hi everyone,
      i successfully create a custom port mapping and it works fine.
      But the device see as source address the firewall local address instead the source public IP.
      i tried nat reflection without success.

      any help?

      GertjanG 1 Reply Last reply Reply Quote 1
      • GertjanG
        Gertjan @Gianni71
        last edited by

        @Gianni71 said in IP source address:

        a custom port mapping and it works fine

        What is a custom port mapping ?
        A NAT (PAT) rule ?
        Can you show it ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        G 1 Reply Last reply Reply Quote 0
        • G
          Gianni71 @Gertjan
          last edited by

          @Gertjan port.png

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @Gianni71
            last edited by

            @Gianni71

            Destination is "WAN address" ... why ?
            Is this rule part of a NAT refection ?

            NAT rules are for traffic coming from the outside, mostly known as 'the Internet' so it can reach a device on your LAN, in your case 10.1.0.6 - port 1123, TCP.

            What er you trying to do ?

            Btw : why do you need NAT reflection ?
            For example, if a device on your LAN needs to connect to another device on LAN, it doesn't need to connect to the pfSense WAN so it gets 'redirected back' into pfSense so it goes to a LAN device .... That's ... let's call it pretty broken.
            Why not using the LAN IP directly ? Or create a resolver host name override where it points to the destination LAN IP, and now you can use a host name.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            G 1 Reply Last reply Reply Quote 0
            • G
              Gianni71 @Gertjan
              last edited by

              @Gertjan port1.png

              Here is the port rules on WAN.

              my client needs to connect from their dinamic ip to my public static ip address port 1123 and forward to 10.1.0.6 and works fine.
              but in my app i can detect the source ip but it's always 10.1.0.4 (pfsense) not the client public ip address.
              Thanks.

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @Gianni71
                last edited by

                @Gianni71

                Example :

                I've a NAT rule that allows me to SSH into my syno NAS called diskstation2, a pfSense LAN based device living on 192.168.1.8 (is an pfSense Alias with the host name "Diskstation2" - see below)

                b032af4a-9516-4d8c-9d06-7538c54eecf3-image.png

                Btw : "SYS" is an Alias that contains the IPv4 of my server that lives in a data centre with the public IPv4 188.165.xxx.123. I limit on purpose the "Source" with this SYS alias, so no one else on the net can connect to my LAN based NAS.

                When I login :

                ssh -4 -i /root/.ssh/diskstation2-openssh-private root@diskstation2.bhf.net

                I can see in the logs of my Syno NAS :
                40203cda-b8f9-4a50-9b64-ea3069467d4e-image.png

                and 188.165.xxx.123 is my server's public IPv4.

                So, yes, your app running should 'see' as the source IP the IP of the device that connects to it.

                Btw : pfSense LAN is 10.1.0.4 ? not 10.1.0.1 ? or 10.1.0.254 ? dot 4 isn't wrong per se, but strange.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                G 1 Reply Last reply Reply Quote 0
                • G
                  Gianni71 @Gertjan
                  last edited by

                  @Gertjan yes pfsense address is 10.1.0.4

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.