NAT/PAT Question

mss_116

This may have been answered many many times before, and I apologize in advance.

I have a few devices that are set in stone on what port they sound out of, and I have multiple devices inside my network that will only allow me to accept on that specific port.  Is there any way I can set up pfSense to allow PAT on this port?

Example

Devices send/receive on port 2500
Device one goes to port 2500 hits pfsense on 2500 pfsense changes to 2501 and back to 2500 before going back to device?

It's a lot of work for for these devices and makes almost no sense for these devices.

Thank you.

GruensFroeschli

With NAT reflection this should be possible.

Just create your normal portforwards
(say 2501 to 2500, 2502 to 2500, etc)
and then access them via the public IP.

Bern

Your description isn't particularly clear; it sounds like you may need AON - Advanced Outbound NAT.

mss_116

Well here's my scenario, I have 4 SonicWall CDP devices.  Their tech support said that their devices only allow connections on port 2022.

Unfortunately, everything I've tried doesn't work.

I'm trying to figure out how to get these 4 devices to work.

I need each one to be able to connect to 2022, but somehow have to have it translate it into a different port somewhere down the line and back to 2022 before it gets back to the cdp device otherwise the device won't accept the connection.

175.20.3.25:2022->63.25.21.25:2022>63.25.21.25:2500>169.254.20.3:2022

Bern

According to this…

http://74.125.77.132/search?q=cache:1JqtBX9menoJ:www.sonicwall.com/downloads/232-001436-00_Rev_A_CDP_3.1_admin_guide.pdf+SonicWall+CDP+port+2022

... it looks like a simple port-forwarding job, as GF originally said.

Setting up NAT in pfSense is usually very straightforward. Please post the relevant portion of your non-functional config.

mss_116

I guess I'm not 100% sure where I create the rules.  Because if I put a NAT for the external IP from 2022 directly to the device it works just dandy.

Do I create the rules first then do the NAT, or vice versa?

GruensFroeschli

What rules are you talking about now?
Firewallrules of NAT rules?

As bern said: post your non-functional config.
Screenshots of the firewall-rules and NAT-rules would probably be enough.