Source nat question



  • Hello,

    I connected my pfsense box to my openvpn server, with this config I am able to browse the internet.

    I'm trying to host a server that will be routed through the openvpn network but I'm unsure how to configure pfsense to NAT it. (Outside clients cannot reach my internal server through the openvpn WAN IP.)

    I'm partially following this link, though I'm not sure how to set the 2nd rule in pfsense (`iptables -t nat -A POSTROUTING -d y.y.y.100 -p tcp --dport 6000 -j SNAT --to-source y.y.y.1`):
    https://unix.stackexchange.com/questions/55791/port-forward-to-vpn-client

    *edit: I've configured openvpn device mode as tap



  • 1st: are you sure you will really receive incoming packets on your VPN interface? You should have a real IP on your VPN interface to accomplish this.
    2nd: add an incoming NAT rule for external access, check FROM SOME OTHER LOCATION and watch in States for connections to your internal server. The connection would not work yet, but you should see connection attempts to your internal server.
    3rd: go to advanced outbound NAT, create a topmost rule:
    interface: OpenVPN
    source: any
    port: any
    destination: your internal server IP (type: network, your IP, network /32)
    port: specific port or any
    Translation address: Other subnet and type in your LAN address in network format with /32
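
A small Python model of the two translations discussed in this thread (the inbound port forward plus the source NAT from the quoted iptables rule), added here as an illustration and not taken from either post. All addresses are constructed stand-ins for the x.x.x.x / y.y.y.* placeholders, and port allocation on the translated source is ignored for simplicity.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample addresses (assumptions, not values from the thread)
CLIENT = "198.51.100.7"     # outside client
PUBLIC_IP = "203.0.113.10"  # address the outside client connects to
VPN_GW = "10.8.0.1"         # plays the role of y.y.y.1 (--to-source)
SERVER = "10.8.0.100"       # plays the role of y.y.y.100 (internal server)
PORT = 6000

class Nat:
    def __init__(self, snat):
        self.snat = snat
        self.states = {}  # flow as the server sees it -> original packet

    def forward(self, pkt):
        """Inbound path: port forward (DNAT), then optional source NAT."""
        out = pkt
        if pkt.dst == PUBLIC_IP and pkt.dport == PORT:
            out = replace(out, dst=SERVER)
        if self.snat and out.dst == SERVER and out.dport == PORT:
            out = replace(out, src=VPN_GW)
        self.states[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        """Return path: reverse both translations if a state matches."""
        orig = self.states.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None  # no state: the reply is not translated back
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def trace(snat):
    """Return (packet the server sees, reply as the client receives it)."""
    nat = Nat(snat)
    seen = nat.forward(Packet(CLIENT, 40000, PUBLIC_IP, PORT))
    back = nat.reply(Packet(seen.dst, seen.dport, seen.src, seen.sport))
    return seen, back

if __name__ == "__main__":
    for snat in (False, True):
        seen, back = trace(snat)
        print(f"snat={snat}: server replies to {seen.src}; client gets {back}")
```

Without the source NAT the server addresses its reply to the client's public IP, so the reply only reaches the translating box if the server's own routing happens to send it there; with it, the reply is addressed to the tunnel-side gateway and must come back the way it arrived.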