Route a wan ip to a lan ip

Alucardko

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

Since your WAN is in private IP space, make sure you uncheck the Block private networks on WAN (Interfaces - WAN) or it will reject your incoming traffic.

thanks for u answer, I have no problems with the incoming traffic, actually my pfsense works correctly, What I need is redirect 192.168.17.2 to a pc in lan 192.168.7.10 For the ip public point to to that machine

hda

I understand, too, that your "redirect" equals to portforwarding.

Your WAN IP is another number compared to the 3 "Internet" IP's, Why is that ..17.7 ?

Post a screenshot of Status/Interfaces, so we can verify our understanding of your situation.

I have no problems with the incoming traffic, actually my pfsense works correctly

You mean you can browse from ..7.10 in the Internet ?

Alucardko

@hda:

I understand, too, that your "redirect" equals to portforwarding.

Your WAN IP is another number compared to the 3 "Internet" IP's, Why is that ..17.7 ?

Post a screenshot of Status/Interfaces, so we can verify our understanding of your situation.

I have no problems with the incoming traffic, actually my pfsense works correctly

You mean you can browse from ..7.10 in the Internet ?

my subnet without the pfsense is 192.168.17.xx, and the ips (192.168.17.2-192.168.17.3-192.168.17.4) has a ip public each one, I cant change anything in this subnet, because only the provider can do that, then I need forwarding thats ips to some ips in the lan of pfsense

KOM

I have no problems with the incoming traffic

I'm talking specifically about unsolicited incoming traffic, not return traffic from your outbound requests. Unsolicited private IP traffic is blocked from WAN unless you uncheck that box I mentioned earlier.

It should be no problem to create a port forward from your WAN to LAN. Do you have a system on the 192.168.17 network to test your port forward with?

Cheetohz

I think he is wanting a full DMZ host

No firewall, NAT, DNS, etc. for one single host on his internal private network.

Indeed firewall rules are what you want to achieve this

https://doc.pfsense.org/index.php/Example_basic_configuration#DMZ_Configuration

Alucardko

@Cheetohz=topic=122016.msg674060#msg674060:

I have no problems with the incoming traffic

I think he is wanting a full DMZ host

No firewall, NAT, DNS, etc. for one single host on his internal private network.

Indeed firewall rules are what you want to achieve this

https://doc.pfsense.org/index.php/Example_basic_configuration#DMZ_Configuration

No I dont want DMZ

@KOM:

I have no problems with the incoming traffic

I'm talking specifically about unsolicited incoming traffic, not return traffic from your outbound requests. Unsolicited private IP traffic is blocked from WAN unless you uncheck that box I mentioned earlier.

It should be no problem to create a port forward from your WAN to LAN. Do you have a system on the 192.168.17 network to test your port forward with?

a system? I dont understand you, you mean If I have router o something similar, for look the forward ports? No I dont manage anything of thar network, is the cause I want use PFsense

KOM

I was asking because you appear to have a double-NAT situation going on, and your problem may have more to do with your ISP not forwarding your traffic. I wanted ot see if you could check your port forward from in front of your pfSense, not your ISP.

Alucardko

@KOM:

I was asking because you appear to have a double-NAT situation going on, and your problem may have more to do with your ISP not forwarding your traffic. I wanted ot see if you could check your port forward from in front of your pfSense, not your ISP.

More easy, if you have my situation, how you forward that ip to a subnet pfsense ip, my ISP ois good, in this moment I have 2 machines directly to the isp with reserveds ip (17.2 and 17.4) and the 2 IP publics are correctly forward to thats machines, then I need forward 17.3 to a machine in pfsense lan

KOM

Well, like I said earlier it's easy to port forward in pfSense and it just works. If you can't get it working, post screenshots of your NAT port forward rules and WAN firewall rules.

Alucardko

@KOM:

Well, like I said earlier it's easy to port forward in pfSense and it just works. If you can't get it working, post screenshots of your NAT port forward rules and WAN firewall rules.

In firewall I dont have any configuration

KOM

OK I suspect the problem here is that you're trying to forward port 80 when you have pfSense WebGUI listening on that same port. Are you running WebGUI in HTTP mode or HTTPS? If I'm correct then there are two ways to fix this:

Use a Virtual IP with one of the IPs your ISP assigned you and then use that Virtual IP as the Destination Address in your firewall rule.
Change your WebGUI though the System options from port 80 to a different port, or switch to HTTPS mode.

Alucardko

@KOM:

OK I suspect the problem here is that you're trying to forward port 80 when you have pfSense WebGUI listening on that same port. Are you running WebGUI in HTTP mode or HTTPS? If I'm correct then there are two ways to fix this:

Use a Virtual IP with one of the IPs your ISP assigned you and then use that Virtual IP as the Destination Address in your firewall rule.

Change your WebGUI though the System options from port 80 to a different port, or switch to HTTPS mode.

This is my configuration

KOM

OK WebGUI is listening on port 80 so you can't forward that port directly from WAN. You need to do one of my two suggestions.

Alucardko

I dit this, but doesnt works, I think I need do another thing, but Im not sure

KOM

How exactly are you doing your testing to see if it works or not?

Alucardko

@KOM:

How exactly are you doing your testing to see if it works or not?

in the pc (7.10) I have a web page in IIS, when I connect that machine directly in subnet of the ISP with ip (192.168.17.3) then I test from another network, I put the public ip in a browser, and it works, but when i return to pfsense lan, and change the ip (7.10) I do the same process but doenst work

KOM

Here are two screens that show a port forward defined and WAN rules to allow the traffic. Note that the aliases such as WWW, cloud point to private IP addresses, not public.

1.png_thumb

2.png_thumb

johnpoz

"directly in subnet of the ISP with ip (192.168.17.3)"

Dude can you do a simple sniff on your pfsense wan… Then go to canyouseeme.org and test to port 80... Do you see the traffic to 80??

canyouseeme.jpg_thumb

Alucardko

@KOM:

Here are two screens that show a port forward defined and WAN rules to allow the traffic. Note that the aliases such as WWW, cloud point to private IP addresses, not public.

WWW and cloud, are ip's in your Pfsense Lan ?

@johnpoz:

"directly in subnet of the ISP with ip (192.168.17.3)"

Dude can you do a simple sniff on your pfsense wan… Then go to canyouseeme.org and test to port 80... Do you see the traffic to 80??

this show me in that page, Error: I could not see your service on x.x.x.211 on port (80)
Reason: Connection timed out

But I discovered something, the public IP that shows me is correct, the one assigned to 192.168.17.3
Modify message

KOM

WWW and cloud, are ip's in your Pfsense Lan ?

It's a DMZ, but yes it's a LAN.