Nat from LAN to LAN



  • I have a dumb piece of locked-down software that will ONLY allow access to it from the same /24 network that the device is on. It does not allow this to be changed. Unfortunately, that won't work on my network topology, and I am looking for ways around this. I believe a NAT of some sort should work, but I'm not entirely sure.

    Essentially, I think I need to map an address that is on vlan20 to forward to an address on vlan30.

    So let's say that vlan20 is 10.10.20.0/24 and vlan30 is 10.10.30.0/24. When I am on vlan20 (let's say my IP is 10.10.20.105) I want to be able to access the device on vlan30 (10.10.30.200). My pfSense allows this today, but it's the "security" in the device on 10.10.30.200 that will only accept connections from 10.10.30.0/24. How can I get around this? I am thinking I should be able to set up a NAT saying that when I go to 10.10.20.200 it will forward to 10.10.30.200.

    It's worth noting that I am running pfSense on a physical 2-port device. re0 is the WAN side, re1 is the LAN side. So for any of what I described to work, it will all flow through re1.

    Is this possible to do with pfSense? Any help is greatly appreciated!



  • Forwarding is no solution here: that translates the destination address to another one. However, your crap device won't work with that, since the source address is from another subnet.
    What you need here is to translate the source address into one from the subnet of the device concerned, one that is assigned to the pfSense interface, so that responses are sent back to pfSense.
    That can be achieved by outbound NAT in pfSense: Firewall > NAT > Outbound.

    If the outbound NAT is still working in automatic mode, select the hybrid mode and save that setting first.
    Then add a new rule. According to your example, select the VLAN30 interface (the interface facing the problematic device), at destination enter 10.10.30.200, and at translation address select "interface address", which is the default value. Save it.
    Accessing the device should work now.
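The rule from the answer, written out in pf.conf syntax as an added example; this is not from the thread or from pfSense's own generated configuration, and the interface names re1.20 / re1.30 and the macros are assumptions.

```pf
# Added example: the outbound NAT from the answer in pf.conf terms.
vlan20_if = "re1.20"        # assumed: VLAN 20 tagged on the LAN port re1
vlan30_if = "re1.30"        # assumed: VLAN 30 tagged on the LAN port re1
device    = "10.10.30.200"  # the locked-down device from the question

# What does NOT work on its own: a port forward (destination NAT).
# A client on VLAN20 connects to 10.10.20.200, pf rewrites the destination
# to the device, but the packet still arrives with source 10.10.20.105,
# which the device rejects because it is outside 10.10.30.0/24.
rdr on $vlan20_if proto tcp from 10.10.20.0/24 to 10.10.20.200 -> $device

# What works: outbound (source) NAT on the interface facing the device.
# Traffic from VLAN20 leaving towards the device is rewritten to the VLAN30
# interface address ("interface address" in the GUI), so the device sees a
# source inside its own /24 and answers pfSense, which maps the reply back
# to the real client. Clients keep using the device's real IP, 10.10.30.200.
nat on $vlan30_if from 10.10.20.0/24 to $device -> ($vlan30_if)
```

With this rule the device's own logs record only the pfSense VLAN30 address for every client, so its source-based check no longer distinguishes who connected; the pfSense firewall rule on VLAN20 that permits this traffic is where per-client access control now lives.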