Netgate Discussion Forum

    Redirecting public traffic to an internal IP/port

    • mdwarf

      Good morning everybody,

      I'm working on configuring pfSense version 2.5 to act as a firewall in this way:

      • Two Ethernet interfaces: one WAN interface (IP: 192.168.101.16) and one LAN interface (IP: 192.168.201.16). All incoming public traffic arriving from another fw to a specific public static IP has been NATted to the WAN pfSense interface. Subnet 192.168.33.0 is the final destination for incoming traffic (pfSense LAN 192.168.201.0 has a gateway to 192.168.33.0, 192.168.201.250).

      • WAN interface has its proper gateway defined (GWWAN)

      • LAN interface has no general gateway defined, but there is a routing rule defining a gateway (GWLAN)

      • A 1:1 NAT rule has been defined:
        2b4600ff-b284-46bd-9823-aded298bae9f-image.png

      • Routing table:
        9fcb9a0b-dcb1-4ad2-9fd5-f950bdc78e4f-image.png

      • Firewall rules on WAN interface:
        81da066d-199e-4dce-b573-2f31bc18f806-image.png

      • Firewall rules on LAN interface:
        859f175e-9d5d-4fdd-9c24-3640c68cf747-image.png

      • Logging incoming traffic, we can see that all incoming traffic from the WAN interface (from public IPs) stops at the LAN IP address (port redirection/filtering is not important at this moment):

      68793c1c-7a95-4691-8a8a-9acc3efb5c83-image.png

      What am I not seeing?
      Thank you in advance.

      Marco

      • viragomann @mdwarf

        @mdwarf
        Your 1:1 NAT rule forwards the traffic to the pfSense LAN address, but it should be forwarded to the LAN gateway.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.