Destination NAT
-
Hi :D
I'm a little confused about how I could do this rule in pfSense.
iptables -t nat -I PREROUTING -p tcp -s 192.168.0.0/24 --dport 1863 -j DNAT --to-destination 192.168.0.10:1863
-
If I read that correctly you want any connection from 192.168.0.x/24 on port 1863 to be directed instead to 192.168.0.10 on port 1863?
A simple NAT rule using that logic, on the LAN interface, should do what you're after.
-
Thanks for the help
Yes I want everything to go out the LAN destination with 1860 forwarded to
that IP.
And that ip which had undertaken to send to the web.
It would be for software IMControl
I tried manual outbound
Outbound
LAN 192.168.0.0/24 * * 1863 192.168.0.10/24 1863 NO
Port Forward
LAN TCP 192.168.0.0/24 * WAN net 1863 192.168.0.10 1863
I do not know how to do that actually
-
(off the top of my head - the documentation will cover more) you'd set up a port forward on the LAN interface for anything EXCEPT 192.168.0.10 on port 1863, to direct that to 192.168.0.10. If you search the forum for running a transparent proxy on another host you'll find mountains of information, since it's exactly the same problem.
-
Thanks for the help
But I do not know what I might be doing wrong. In Linux it is very simple, and in pfSense I am a little confused.
Let's imagine a situation:
A network 192.168.200.0/24, and I have a machine with Apache at 192.168.200.73.
How do I make all Internet packets destined for port 80 get forwarded to 192.168.200.73?
I created a rule in NAT:
LAN TCP * * * 80 (HTTP) 192.168.200.73 80 (HTTP)
It returns:
13:44:09.153024 ARP, Request who-has 192.168.200.1 tell 192.168.200.80, length 46
13:44:09.153616 ARP, Reply 192.168.200.1 is-at 00:0c:29:7a:b1:53, length 46
13:44:09.153618 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0
13:44:09.161122 IP 189.91.192.6 > 192.168.200.80: ICMP redirect 189.91.192.6 to host 192.168.200.73, length 56
13:44:09.161124 IP 189.91.192.6 > 192.168.200.80: ICMP host 189.91.192.6 unreachable - admin prohibited, length 56
13:44:12.156867 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0
-
Did you search the forum for those other threads?
-
Yes, I tried,
and the rule in the NAT works:
LAN TCP * * * 80 (HTTP) 192.168.200.73 80 (HTTP)
But the IP to respond to GW and the inverse is also true
-
The ICMP redirect indicates some wrong or weird routing config. The ICMP unreachable indicates either the same, or that you're rejecting the traffic with firewall rules.
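-
The LAN port forward suggested earlier in the thread, modelled as an added example (not code from any poster or from pfSense): it shows why the rule has to skip 192.168.0.10 itself, and that the redirect target answers a same-subnet client directly instead of back through the firewall. The upstream address 203.0.113.5, the client 192.168.0.50 and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

ip = ipaddress.ip_address
LAN = ipaddress.ip_network("192.168.0.0/24")  # LAN subnet from the thread
PROXY = ip("192.168.0.10")                    # redirect target from the thread
PORT = 1863
UPSTREAM = ip("203.0.113.5")                  # constructed: the real remote server
CLIENT = ip("192.168.0.50")                   # constructed: an ordinary LAN host

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str = "tcp"

def dnat(pkt, exclude_target=True):
    """LAN-side redirect: tcp from LAN to any:1863 becomes PROXY:1863.

    exclude_target=True is the "anything EXCEPT 192.168.0.10" condition;
    False mirrors the iptables rule as posted, which matches the whole /24.
    """
    if pkt.proto != "tcp" or pkt.dport != PORT or pkt.src not in LAN:
        return pkt
    if exclude_target and pkt.src == PROXY:
        return pkt
    return replace(pkt, dst=PROXY)

def proxy_reaches_upstream(exclude_target=True):
    """True if PROXY's own onward connection leaves with its destination intact."""
    return dnat(Packet(PROXY, UPSTREAM, PORT), exclude_target).dst == UPSTREAM

def reply_path(client):
    """How PROXY's answer to a redirected client travels.

    The answer is addressed to the client's real IP. A client on PROXY's own
    subnet is reached on-link, so the firewall holding the NAT state never
    sees the reply and cannot rewrite its source back to the original server.
    """
    return "direct-on-link" if client in LAN else "via-firewall"

if __name__ == "__main__":
    print("client redirected to:", dnat(Packet(CLIENT, UPSTREAM, PORT)).dst)
    print("proxy reaches upstream, with exclusion:", proxy_reaches_upstream(True))
    print("proxy reaches upstream, without exclusion:", proxy_reaches_upstream(False))
    print("reply to LAN client goes:", reply_path(CLIENT))
```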