Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Redirecting a subnet

    Scheduled Pinned Locked Moved
    NAT
    2
    2
    431
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pixel24
      last edited by

      Hi@all,

      I am installing a new UCS5 environment in a virtual network (Proxmox).

      vmbr0		8000.a0369f4c3bee	no		ens1f1
							fwpr103p0
							tap100i0
							tap101i0
							tap102i0
							tap104i0
							tap104i1
							tap108i0
							tap110i1
vmbr1		8000.0025905eb00f	no		enp96s0f1
							tap100i1
vmbr2		8000.929421711a2e	no		tap110i0
							tap111i0

      The physical LAN is 192.168.24.0/24. This is in Proxmox at the bridge 'vmbr0'. pfSense is 'connected' to it with the LAN interface.

      Bridge 'vmbr1' is connected to the cable modem. pfSense is 'connected' to it with the WAN interface.

      For the new UCS5 environment I have set up 'vmbr2' 192.168.83.0/24 and installed a new pfSense 'between' vmbr0 and vmbr2.

      This new pfSense has the assignment:

      vmbr0 -> WAN (192.168.24.20)
      vmbr2 -> LAN (192.168.83.254)

      For the installation, I would like to access the new virtual network from the LAN.

      Is there a way to set up a redirection on the 'old' pfSense so that all calls for 192.168.83.0/24 from the network 192.168.24.0/24 are routed to the WAN IP of the 'new' pfSense (192.168.24.20)?

      Does something like this work at all?

      with best
      pixel

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @pixel24
        last edited by

        @pixel24 said in Redirecting a subnet:

        For the installation, I would like to access the new virtual network from the LAN

        You have two different LANs. Guess you mean this one 192.168.24.0/24.

        Is there a way to set up a redirection on the 'old' pfSense so that all calls for 192.168.83.0/24 from the network 192.168.24.0/24 are routed to the WAN IP of the 'new' pfSense (192.168.24.20)?

        Really not clear, why you want to do that. But yes, that's doable with a simple port forwarding rule, presupposed the old pfSense is the default gateway in the LAN.
        However, since both source and redirect target are within the same subnet, you need to masquerade the source IP.

        For masquerading add a rule in Firewall > NAT > outbound. If the outbound NAT is in automatic mode, switch into hybrid mode and save this first.
        Then add a new rule:
        interface: LAN
        source: LAN net
        dest.: 192.168.24.20
        translation: interface address (or LAN CARP VIP if any)

        Port forwarding:
        interface: LAN
        source: any
        dest: 192.168.83.0/2
        redirect target: 192.168.24.20

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.