Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WAN IP redirect to LAN

    General pfSense Questions
    3
    7
    420
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      keeng1
      last edited by

      I am having a hard time finding anything on this other than completely redirecting every connection to an internal host or port forwarding. I DO NOT want to do either one. I have, for years, used OpenBSD to redirect inbound on the WAN, specific IPs to specific hosts on the LAN. Due to circumstances, I need to be able to do this in pfsenses' GUI.
      specific external IP -> pfsense WAN interface -> specific IP on LAN( or other interface) . My guess is that this is simpler than I think and can't translate it in my head from openbsd to freebsd. Any help ?

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        I don't understand. You say you don't want to NAT, but then describe the exact scenario for NAT. If you have multiple public IP addresses, then you can create virtual IPs and then use those as the WAN to NAT from. Perhaps if you describe exactly what you need to do, we can come up with a solution.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Like based on source IP maybe? You can set that too in a port forward or 1:1 NAT.

          Steve

          1 Reply Last reply Reply Quote 0
          • K
            keeng1
            last edited by

            I did finally get it figured out. Port forwarding apparently is the same place you would forward one IP to another IP you just have to list all the port numbers 1-65535 because you probably will not know the service you may want to connect to. That was key to what I wanted to do. The GUI verbage confused me. Then of course the rules to allow access from one network or host to another. Thank youo for the replies.

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              If you need to forward every port use a 1:1 NAT rule. That will also NAT outbound connections from the internal target IP but if it's from the WAN address anyway that doesn't chnage anything.

              Steve

              1 Reply Last reply Reply Quote 0
              • K
                keeng1
                last edited by

                Yes, exactly like based on source IP. Whitelisting an incoming IP to be forwarded to an internal host.

                Gary

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Ah, well you can do that too. Most people never want to set that as a port forward is applied to traffic from anywhere but you can set the source address in a port forward.
                  Confusingly that same setting in the 1:1NAT is Destination as it's used for outgoing connections too:

                  The 1:1 mapping will only be used for connections to or from the specified destination. Hint: this is usually "Any".

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.