Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Source nat question

    Scheduled Pinned Locked Moved NAT
    2 Posts 2 Posters 556 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      markw1
      last edited by

      Hello,

      I connected my pfsense box to my openvpn server, with this config I am able to browse the internet.

      I'm trying to host a server that will be routed thru the openvpn network but I'm unsure how to configure pfsense to nat it. (outside clients cannot reach my internal server thru the openvpn WAN IP)

      i'm partially following this link, tho I'm not sure how to set the 2nd in pfsense (iptables -t nat -A POSTROUTING -d y.y.y.100 -p tcp –dport 6000 -j SNAT --to-source y.y.y.1) -
      https://unix.stackexchange.com/questions/55791/port-forward-to-vpn-client

      *edit- i've configured openvpn device mode as tap

      1 Reply Last reply Reply Quote 0
      • S
        Soyokaze
        last edited by

        1st: are sure you will really receive incoming packets on your VPN interface? You should have real IP on your VPN interface to accomplish this.
        2nd: add incoming NAT rule for external access, check FROM SOME OTHER LOCATION and watch in States for connections to your internal server. Connection would not work now, but you should see connection attempts to your internal server.
        3rd: go to advanced outbound NAT, create a topmost rule:
        interface: OpenVPN
        source: any
        port: any
        destination: your internal server IP (type: network, your IP, network /32)
        port: specific port or any
        Translation address: Other subnet and type in your LAN address in network format with /32

        Need full pfSense in a cloud? PM for details!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.