WAN IP redirect to LAN



  • I am having a hard time finding anything on this other than completely redirecting every connection to an internal host or port forwarding. I DO NOT want to do either one. I have, for years, used OpenBSD to redirect inbound on the WAN, specific IPs to specific hosts on the LAN. Due to circumstances, I need to be able to do this in pfSense's GUI.
    specific external IP -> pfSense WAN interface -> specific IP on LAN (or other interface). My guess is that this is simpler than I think and I can't translate it in my head from OpenBSD to FreeBSD. Any help?



  • I don't understand. You say you don't want to NAT, but then describe the exact scenario for NAT. If you have multiple public IP addresses, then you can create virtual IPs and then use those as the WAN to NAT from. Perhaps if you describe exactly what you need to do, we can come up with a solution.


  • Netgate Administrator

    Like based on source IP maybe? You can set that too in a port forward or 1:1 NAT.

    Steve



  • I did finally get it figured out. Port forwarding apparently is the same place you would forward one IP to another IP; you just have to list all the port numbers 1-65535 because you probably will not know the service you may want to connect to. That was key to what I wanted to do. The GUI verbiage confused me. Then of course the rules to allow access from one network or host to another. Thank you for the replies.


  • Netgate Administrator

    If you need to forward every port, use a 1:1 NAT rule. That will also NAT outbound connections from the internal target IP, but if it's from the WAN address anyway that doesn't change anything.

    Steve



  • Yes, exactly like based on source IP. Whitelisting an incoming IP to be forwarded to an internal host.

    Gary


  • Netgate Administrator

    Ah, well, you can do that too. Most people never want to set that, as a port forward is applied to traffic from anywhere, but you can set the source address in a port forward.
    Confusingly, that same setting in the 1:1 NAT is Destination, as it's used for outgoing connections too:

    The 1:1 mapping will only be used for connections to or from the specified destination. Hint: this is usually "Any". 
    

    Steve
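
The two options discussed in this thread, a port forward restricted by source address and a 1:1 NAT restricted by destination, sketched in FreeBSD pf.conf syntax as an added example. It is not part of the thread and is not output generated by pfSense; the interface name and every address are constructed placeholders.

```pf
# Constructed values (assumptions, not taken from the thread)
ext_if   = "em0"             # WAN interface
wan_addr = "203.0.113.2"     # WAN address
trusted  = "198.51.100.25"   # the one external IP allowed in
lan_host = "192.168.1.50"    # internal target

# --- Translation rules: use option A or option B, not both ---

# Option A: port forward with a source restriction.
# Only traffic from $trusted is redirected; all ports are listed
# because the service is not known in advance. No port is given on
# the target, so the destination port is left unchanged.
rdr on $ext_if inet proto { tcp, udp } from $trusted \
    to $wan_addr port 1:65535 -> $lan_host

# Option B: 1:1 NAT. The restriction sits in the "to" position because
# the same rule also rewrites outbound connections from $lan_host to
# $trusted, which is why the GUI labels the field "Destination".
# binat on $ext_if inet from $lan_host to $trusted -> $wan_addr

# --- Filter rules ---

# Translation happens before filtering, so the pass rule matches the
# internal address. Without it the translated traffic is still blocked.
block in on $ext_if
pass in quick on $ext_if inet proto { tcp, udp } \
    from $trusted to $lan_host keep state
```

Either way, the source restriction should appear in both the translation rule and the pass rule, so that loosening one later does not expose every port on the internal host to any address.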

