Rewrite an internal IP destination to an external IP destination



  • I have a weird "lab" request. I test hardware that is designed to be locally connected to a machine that has a client installed. It will only talk to the server (192.168.0.1:443) if the client IP is in that same subnet.

    Example:
    client IP = 192.168.0.100
    server IP = 192.168.0.1
    This works no problem.

    The issue I have is I need the server to reside on another network accessible via public IP. This is so I can test the software against the hardware that exists in a remote lab. What I want to do is redirect all traffic destined for 192.168.0.1 (internal) to 1.2.3.4 (external). The server will accept a connection from any IP address; it is the client software that has a problem.

    Here is a rough diagram:

    Client 192.168.0.100
      |
      |
    Pfsense 192.168.0.254 LAN GW
      |        4.5.6.7 (public IP)
      |
      |
    remote FW (1.2.3.4)
      |
      |
    server 192.168.0.1 (port forwarding setup to forward 1.2.3.4:443 to 192.168.0.1)

    I want to have pfSense take traffic destined for 192.168.0.1:443 on the LAN interface and redirect it to the external interface, rewriting the destination to 1.2.3.4:443.
    *Caveat: the client software requires that the configured server address (192.168.0.1) be a member of the local subnet on the machine. In other words, the client local adapter cannot be 172.16.0.100 and the server be 192.168.0.1.



  • First, you have to add the fictive server address 192.168.0.1 to the pfSense LAN interface as an IP alias. Firewall > Virtual IP.

    Then add a port forwarding rule:
    Interface: LAN
    Protocol: <set it to match your needs>
    Source: 192.168.0.100
    Destination: 192.168.0.1
    Destination port range: HTTPS
    Redirect target IP: 1.2.3.4
    Redirect target port: HTTPS

    That should work for you.
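
The packet flow this port forward produces, as an added example that is not part of the original thread and is not pfSense code: a toy Python model of the LAN-side destination rewrite plus outbound NAT, showing why the client only ever sees 192.168.0.1. Assumptions: outbound NAT rewrites the source to the pfSense public IP 4.5.6.7 from the diagram, source ports are left unchanged for simplicity, and the names `Gateway`, `from_lan` and `from_wan` are hypothetical.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Addresses taken from the thread; WAN_IP is the pfSense public IP in the diagram.
CLIENT, VIP, REMOTE, WAN_IP = "192.168.0.100", "192.168.0.1", "1.2.3.4", "4.5.6.7"


class Gateway:
    """Toy model: LAN port forward (destination rewrite) plus outbound NAT."""

    def __init__(self):
        # Key: reply 4-tuple expected on WAN. Value: original LAN packet.
        self.states = {}

    def from_lan(self, pkt):
        """Translate a packet arriving on LAN; return what leaves on WAN."""
        dst, dport = pkt.dst, pkt.dport
        # Port forward: matches only the listed source, destination and port.
        if (pkt.src, pkt.dst, pkt.dport) == (CLIENT, VIP, 443):
            dst, dport = REMOTE, 443
        elif pkt.dst == VIP:
            # Addressed to the IP alias on the firewall itself, not forwarded.
            return None
        # Outbound NAT (assumed): private source replaced by the WAN address.
        out = Packet(WAN_IP, pkt.sport, dst, dport)
        self.states[(dst, dport, WAN_IP, pkt.sport)] = pkt
        return out

    def from_wan(self, pkt):
        """Reverse both translations for a reply that matches a state."""
        orig = self.states.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None  # unsolicited traffic has no state and is dropped
        # The reply is presented to the client as coming from 192.168.0.1.
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


if __name__ == "__main__":
    gw = Gateway()
    # Constructed sample packets: client request, then the remote server's reply.
    print(gw.from_lan(Packet(CLIENT, 50000, VIP, 443)))
    print(gw.from_wan(Packet(REMOTE, 443, WAN_IP, 50000)))
```

Because the rule names 192.168.0.100 as the source, a connection to 192.168.0.1:443 from any other LAN host is not redirected and lands on the firewall's own alias address.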