Specific host routing question
-
So I've managed to confuse myself totally.
I have the following scenario:
Device with public IP X sends all traffic to public IP address Y which needs to be NATed (through pfsense) to private IP A.
Device with private IP A needs to send all traffic destined for public IP X NATed (through pfsense) as public IP Y to X and only X.
No other inbound traffic (other than reciprocal traffic in response to private device A making an outbound request (update D/L, etc, etc)) routed/NATed to A.
I don't often need any special rules and my testing so far has been fruitless.
Please Help!
Thanks,
Tracy
-
So this device at public IP A is not using pfSense as its default gateway, I take it.
So you would need to create a route on this device with IP A to use the pfSense IP on the A network as its gateway to get to public IP X. So what OS is this device on IP A running? Commands would be a bit different depending on the OS.
But let's say it's Windows…
route ADD 157.123.45.23 MASK 255.255.255.255 192.168.1.1
Where the 157 address is the IP of X, and 192.168.1.1 is the IP of the pfSense interface on network A.
-
Actually IP address A is a private IP behind the pfSense box.
Device with public IP X supplies SIP voice traffic to a specific public/routable IP address (in this case public IP address Y). I need to ensure that only traffic from X going to Y gets through pfSense to the IP PBX at private IP address A.
No other public traffic should be allowed through unless it is in response to an OUTBOUND request from the PBX.
Also, for two-way voice to work, all outbound traffic from private IP address A should appear to come from public IP Y, not the default public IP of the pfSense router with IP address Z (which IS in the same subnet as public IP Y).
Also, the PBX is Linux (Red Hat/CentOS/Scientific) based.
Thank You,
Tracy
-
"I need to ensure that only traffic from X going to Y gets through pfSense to the IP PBX at private IP address A."
That would be a simple restriction on your port forward/firewall rule to limit who can access the port forward.
As to having traffic use a different public IP on pfSense - this is a simple policy route and/or outbound NAT setting.
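
The source-restricted forward and the outbound NAT described in the reply above, written out as raw pf rules for illustration. This is an added example, not something posted in the thread; pfSense generates its ruleset from the GUI, and the interface names and addresses here are constructed placeholders (documentation ranges) standing in for X, Y and A.

```conf
# Constructed placeholders, not values from the thread.
wan_if   = "em0"            # assumed WAN interface name
lan_if   = "em1"            # assumed LAN interface name
sip_peer = "198.51.100.10"  # X: the SIP provider's public IP
pbx_pub  = "203.0.113.20"   # Y: assumed to be added as a virtual IP on WAN
pbx      = "192.168.1.50"   # A: the PBX's private IP

# --- Translation (first matching rule wins) ---

# Outbound: PBX traffic to X leaves with source address Y.
nat on $wan_if inet from $pbx to $sip_peer -> $pbx_pub
# Other PBX traffic (updates, etc.) leaves as the WAN address Z.
# Point this rule at $pbx_pub too if everything from A should appear as Y.
nat on $wan_if inet from $pbx to any -> ($wan_if)

# Weak form: forwards Y to the PBX for every source on the internet.
#   rdr on $wan_if inet from any to $pbx_pub -> $pbx
# Restricted form: only packets sourced from X are forwarded to the PBX.
rdr on $wan_if inet from $sip_peer to $pbx_pub -> $pbx

# --- Filtering ---

# Default deny for unsolicited inbound traffic on WAN.
block in log on $wan_if all

# rdr is applied before filtering, so the pass rule matches the
# translated destination (A), again limited to source X.
pass in quick on $wan_if inet from $sip_peer to $pbx keep state

# PBX-initiated traffic is allowed out; the state entry it creates is
# what lets the replies back in, with no inbound rule for them.
pass in quick on $lan_if inet from $pbx to any keep state
```

The forward can be narrowed further to the SIP signalling and media ports the PBX actually uses, which the thread does not specify.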