Netgate Discussion Forum

    Outbound Nat - redirect website from one IP to another IP

    • adrianj

      Hello everyone,

      I've decided to migrate our company routers from a Debian machine to a pfSense machine.
      This is my first time touching pfSense and I had a little trouble, but mostly I've managed to set up everything; with one thing I still have a problem.

      On the old router, I've got a rule:

      iptables -t nat -I PREROUTING 3 -d xxx.xxx.xxx.xxx/27 -j DNAT --to-destination yyy.yyy.yyy.yyy -m comment --comment "DNAT for staging on f1"

      Why we need it:
      If somebody is connecting to the www.mycompany.com site from inside our network, the connection should go through the yyy address, not xxx. This shows us a different version of our website inside our office than outside.

      A host entry in DNS is not an answer. Why? Because we have 2 separate networks, for workers and public. Some of our workers change network between those, because they need to see the office version of the website and the "for the rest of the world" version. When we do it through DNS, sometimes the computer or web browser does not refresh its DNS and it remembers the old one for this host.

      I've tried to do it in Firewall > NAT > Outbound

      http://i.imgur.com/jvPx2xi.jpg

      but the only thing that I achieved was that when I was trying to connect to www.mycompany.com I was getting a time out, so something was happening. :D

      • viragomann

        The pfSense outbound NAT only does SNAT, but you need DNAT.
        So you have to set a NAT > Port forward rule.
        Just add a new rule, select the appropriate interface where the source computers are attached to and enter the origin destination IP and port and the redirect target address and port.

        • adrianj

          ok, I've erased old one from outbound and created a new one in the port forward like on the screen below
          http://i.imgur.com/LX8Lvhn.png

          and still, I'm getting Time Out

          When I change Interface to Public (for now it's where I am testing it), still the same.
          When Interface is left on WAN and source is chosen "Public Net" or "Public Addresses", the site is loading but the outside company version (like there was no forward),
          but when I choose "Network" and type in the Address and Mask the same that I use on the Public Interface, I am getting Time Out.

          Am I still missing something or doing some really dumb mistake?

          • adrianj

            OK! I've found the cause.

            The problem was caused by the port range. When it was set from http to https there was a Time Out; when I changed it to be only https it started to work.

            Thank you viragomann, for help and explaining exactly port forwarding and outbound in pfsense. Cheers ;)

            • viragomann

              If you set the port range from HTTP to HTTPS, it means all ports from 80 to 443. In this case you have to set the redirect target port to HTTP. But that would not be what you intend.

              For your purpose you should add a port alias for HTTP and HTTPS and use this one in the rule: Firewall > Aliases > Ports.
              Give it a name like "HTTP_HTTPS" and add the ports 80 and 443. Then you can use this alias name as the custom option at Destination port and Redirect target port.

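The port handling discussed in the last two posts, as an added Python sketch that is not from the thread and is not pfSense code. It compares a destination range of HTTP to HTTPS with the "HTTP_HTTPS" alias. It assumes that a range redirect takes only the beginning target port and maps the rest by offset; the class names and the misaligned target of 443 are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

HTTP, HTTPS = 80, 443


@dataclass(frozen=True)
class RangeForward:
    """Port forward matching first..last; target_first is the beginning
    target port, the rest follow by offset (assumed simplified model)."""
    first: int
    last: int
    target_first: int

    def translate(self, dport: int) -> Optional[int]:
        if not self.first <= dport <= self.last:
            return None  # rule does not match, packet is not redirected
        return self.target_first + (dport - self.first)

    def matched_ports(self) -> int:
        return self.last - self.first + 1


@dataclass(frozen=True)
class AliasForward:
    """Port forward using one port alias for destination and target port."""
    ports: frozenset

    def translate(self, dport: int) -> Optional[int]:
        return dport if dport in self.ports else None

    def matched_ports(self) -> int:
        return len(self.ports)


def report(rule, probes=(HTTP, 81, HTTPS)):
    """Map each probed destination port to the port the target would see."""
    return {port: rule.translate(port) for port in probes}


RULES = {
    "range 80-443, target port HTTP": RangeForward(HTTP, HTTPS, HTTP),
    # Hypothetical misaligned rule: every port is shifted by 363.
    "range 80-443, target port HTTPS": RangeForward(HTTP, HTTPS, HTTPS),
    'alias "HTTP_HTTPS"': AliasForward(frozenset({HTTP, HTTPS})),
}

if __name__ == "__main__":
    for name, rule in RULES.items():
        print(f"{name}: {rule.matched_ports()} ports matched, {report(rule)}")
```

Even with the target port aligned, the range rule redirects 364 ports to the internal host, while the alias redirects only the two that are needed.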