Port forwarding to multiple destination machines

  • Hi all,
      I have a rather odd question so I could use some pfsense expert input.  We have a small test system that is fed data from an outside party we integrate with.  Currently I just do a port forward from our WAN to a machine in our DMZ.  We need to start working on some new protocol parsing, so I'd like to forward data from external port 8080 to port 8080 on 2 different boxes.  1 is in our DMZ, and 1 is a developer machine in our LAN.  Is there any way to do this in pfsense either out of the box or with an add on?  The messages are using TCP, not UDP, so I know an ACK would need to be sent for the original TCP packets.  This introduces a problem, but I'd prefer to do it with with pfSense rather than write an application that collects and forwards data.


  • I dont think this is possible.
    Not from the pfSense side, but from the side of the second computer receiving the copied traffic.

    If it's just about sending all the traffic going to computer1 to computer2 as well: why dont you use a switch which supports mirroring?
    Set the interface on the developer computer into promiscuous and process the data.

    Or how did you imagine you'd want to keep the developer computer from responding to the "copied" traffic as well?

  • If both need to interact with the sender (ie, TCP) then you're going to have to write a proxy/forwarder to perform the initial receipt and then forward on multiple copies.

Log in to reply