NAT/PAT Question



  • This may have been answered many, many times before, and I apologize in advance.

    I have a few devices that are set in stone on what port they send out of, and I have multiple devices inside my network that will only allow me to accept on that specific port. Is there any way I can set up pfSense to allow PAT on this port?

    Example

    Devices send/receive on port 2500
    Device one goes to port 2500, hits pfSense on 2500, pfSense changes to 2501 and back to 2500 before going back to device?

    It's a lot of work for these devices and makes almost no sense for these devices.

    Thank you.



  • With NAT reflection this should be possible.

    Just create your normal port forwards
    (say 2501 to 2500, 2502 to 2500, etc)
    and then access them via the public IP.



  • Your description isn't particularly clear; it sounds like you may need AON - Advanced Outbound NAT.



  • Well, here's my scenario: I have 4 SonicWall CDP devices. Their tech support said that their devices only allow connections on port 2022.

    Unfortunately, everything I've tried doesn't work.

    I'm trying to figure out how to get these 4 devices to work.

    I need each one to be able to connect to 2022, but somehow have to have it translate it into a different port somewhere down the line and back to 2022 before it gets back to the CDP device, otherwise the device won't accept the connection.

    175.20.3.25:2022 -> 63.25.21.25:2022 -> 63.25.21.25:2500 -> 169.254.20.3:2022



  • According to this…

    http://74.125.77.132/search?q=cache:1JqtBX9menoJ:www.sonicwall.com/downloads/232-001436-00_Rev_A_CDP_3.1_admin_guide.pdf+SonicWall+CDP+port+2022

    ... it looks like a simple port-forwarding job, as GF originally said.

    Setting up NAT in pfSense is usually very straightforward. Please post the relevant portion of your non-functional config.



  • I guess I'm not 100% sure where I create the rules.  Because if I put a NAT for the external IP from 2022 directly to the device it works just dandy.

    Do I create the rules first then do the NAT, or vice versa?



  • What rules are you talking about now?
    Firewall rules or NAT rules?

    As bern said: post your non-functional config.
    Screenshots of the firewall rules and NAT rules would probably be enough.

