Alias IP and NAT doesn't work



  • Hello.

    I am having issues doing a pretty simple thing, and as I am running out of ideas, it's time to call for some help.

    I am using pfSense 2.3.2 and want to add Virtual IPs to access my LAN, using port forwarding. I am pretty sure my problem is linked to some routing problem, as my IPs aren't in the same block and I already had some problems before because of that. Let's say I want to ssh to a machine on my LAN using this new IP.

    My WAN : 149.202.17x.xxx
    My Gateway : 149.202.16x.xxx
    My new IP I want to use to NAT port forward : 37.59.xxx.xxx
    The machine on the LAN I want to ssh : 192.168.0.10

    So I added my IP in Firewall > Virtual IPs

    Type : IP Alias
    WAN / Single Address / 37.59.xxx.xxx/32

    Then, I set up Firewall > NAT > Port Forward

    WAN
    TCP
    Single Host or Alias 37.59.xxx.xxx (I am using a Firewall Alias IP here)
    Destination Port Range SSH
    Redirect Target IP 192.168.0.10
    Redirect Target Port SSH
    Nat Reflection Use System Default
    Filter Rule Association Pass

    When I telnet 37.59.xxx.xxx 22, I have a timeout.

    If I add some rules on Firewall > Rules > WAN, I can activate ICMP and ping my VIP. I also manage to ssh to my pfSense via this VIP if I add the corresponding rule, but when I want to reach the LAN using NAT / Port Forwarding, it always times out.

    I tried to use CARP instead of IP Alias, same problem.

    What am I doing wrong?

    Thank you for your time.

