Alias IP and NAT doesn't work

  • Hello.

    I am having issues doing a pretty simple thing, and as I am running out of ideas, it's time to call for some help.

    I am using pfSense 2.3.2 and want to add Virtual IPs to access my LAN, using port forwarding. I am pretty sure my problem is linked to some routing problem as my IPs aren't in the same block and I already had some problems before because of that. Let's say I want to ssh a machine from my LAN using this new IP.

    My WAN :
    My Gateway :
    My new IP I want to use to NAT port forward :
    The machine on the LAN I want to ssh :

    So I added my IP in Firewall > Virtual IPs

    Type : IP Alias
    WAN / Single Address /

    Then, I set up Firewall > NAT > Port Forward

    Single Host or Alias (I am using a Firewall Alias IP here)
    Destination Port Range SSH
    Redirect Target IP
    Redirect Target Port SSH
    Nat Reflection Use System Default
    Filter Rule Association Pass

    When I telnet 22, I have a timeout.

    If I add some rules on Firewall > Rules > WAN, I can activate ICMP and ping my VIP. I also manage to ssh to my pfSense via this VIP if I add the corresponding rule, but when I want to reach the LAN using NAT / Port Forwarding, it always times out.

    I tried to use CARP instead of IP Alias, same problem.

    What am I doing wrong?

    Thank you for your time.
