Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to allow Wan to Wan Port forwarding?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    6 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • XENofobiaX
      XENofobia
      last edited by

      Hi!
      I can't use a VPN or proxy to solve my problem.
      I just need to redirect the IP from the external WAN to another IP and port from the external WAN.
      I have one network card and I don't use local network (I don't need it).
      pfSense is installed on a dedicated server.
      I'm trying to create a NAT rule but it doesn't work.
      What are my ideas to allow traffic to the global network?
      Outgoing packets go successfully, incoming packets only to the web interface. The firewall rules don't work.

      Translated with www.DeepL.com/Translator (free version)

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @XENofobia
        last edited by

        @xenofobia said in How to allow Wan to Wan Port forwarding?:

        I just need to redirect the IP from the external WAN to another IP and port from the external WAN.

        Redirect to another IP on the same interface?

        XENofobiaX 1 Reply Last reply Reply Quote 1
        • XENofobiaX
          XENofobia @viragomann
          last edited by XENofobia

          @viragomann
          nope, I'm need redirect from external network to external network.
          For example, user from Canada 100.42.23.* will connect to my dedicated server in Holland IP 181.214.206.:1234 and next it should be forward to my dedicated server in USA 102.129.201.:80, that is, these are IPs from external different networks!
          Of course my dedicated server has one network card and one IP

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @XENofobia
            last edited by

            @xenofobia
            Consider that this only works in combination with masquerading, i.e. the destination server sees your IP instead of the origin.

            The forwarding works with a simple port forwarding rule as you can add it for internal destination.

            For the masquerading go into the outbound NAT settings, select the hybrid mode (or also manual, since you don't use internal networks) and save that.
            Then add a rule to WAN where you have to set the source and destination to any, translation address is "interface address", which is even default, and save it.

            That's the whole magic.

            XENofobiaX 1 Reply Last reply Reply Quote 0
            • XENofobiaX
              XENofobia @viragomann
              last edited by

              @viragomann
              You are a genius! It works!
              I am very grateful to you!!!

              1 Reply Last reply Reply Quote 0
              • P
                planetinse
                last edited by

                I do this with HAproxy - it also supports keeping the original source IP to the destination, I can also terminate SSL/TLS and change ports along the way - very versatile :)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.