Port forwarding from PUBLIC IP to another PUBLIC IP



  • Please, Im new in firewalling and pfsense , but i need to port forwarding one port from public ip to same port in another ip. I'd like to know if i need to make a firewall rule in pfsense (where) . Is there a step by step guide anywhere ? Thanks in advance guys



  • Perhaps I'm missing something, but if you have 2 public IPs, why do you have to port forward?



  • Oh Im sorry. I dont write correctly. I need to port forward from one ip in one server (datacenter A) to another server (datacenter B).
    Pfsense (Datacenter A ) to Ipfire (datacenter B) . All traffic to ip 1.1.1.1 in datacenter A trough port XXX must redirect to ip 2.2.2.2 in datacenter B.

    Thanks for your time and patience



  • @malbor said in Port forwarding from PUBLIC IP to another PUBLIC IP:

    All traffic to ip 1.1.1.1 in datacenter A trough port XXX must redirect to ip 2.2.2.2 in datacenter B.

    That still doesn't sound right. Why not just go direct to 2.2.2.2? Port forwarding is part of NAT, which is used to get around an IPv4 address shortage.



  • Because , we have a lot of machines connected via ip to ip 2.2.2.2 and we must change some machines to connect to ip 1, but step by step. It's a migration from one hosting provider to another. In Ipfire is really simple, but i cant found the way to do in Pfsense.



  • You must do a NAT there to accomplish port forward. In that case you could receive on FW A on 1.1.1.1 on WAN, and then forward to another iface with connectivity (maybe by VPN) to FW B. You can NAT PUBLIC IP over PUBLIC IP.

    If your clients point 1.1.1.1 as destination IP, I would create a lan to ln VPN (OPENvpn prefered) between FW A and FW B, and forward that traffic internally to hosting server in DC B (probably directly to the private IP of hosting in DC B).

    A common "H" connected network (both sites with their WANs on the top, their FW in the middle, and their LANs on the bottom. Crossing traffic between FWs in the middle).

    Maybe Virtual IPs help you there (to listen to another Public IP on the same WAN iface).
    Or you must use BGP with your own ASN to handle routing dynamically.



  • Sounds like you want the pfSense package called Server Load Balancing.
    https://www.netgate.com/docs/pfsense/loadbalancing/inbound-load-balancing.html