Port Translation

Gob

Hi
I have a problem with port translation between LAN and a DMZ.

we have an SFTP server sitting in a DMZ using a Private IP and running on port 2222. We wish to publish this to the internet on port 22 and have a Port Forwarding rule translating port 2222 to 22. This works fine as expected.

We have set up a split DNS using the pfSense DNS forwarder to redirect LAN clients straight to the DMZ rather than enabling NAT reflection.
We want LAN clients to use port 22 the same as the internet clients but I am not sure how we can translate port 22 to 2222 from the LAN to the DMZ. Port 2222 works fine for the LAN clients.

We have a Multi WAN setup so Manual Outbound NAT is enable.
I tried adding a Outbound NAT rule in there with a source of the LAN subnet, destination of the SFTP server, destination port 22 and NAT port of 2222 but that doesn't seem to work.

Any suggestions?

thanks
Gordon

clarknova

@Gob:

I tried adding a Outbound NAT rule in there with a source of the LAN subnet, destination of the SFTP server, destination port 22 and NAT port of 2222 but that doesn't seem to work.

This needs to be a port forward rule, not an outbound rule.