Conditional NAT?



  • Hi all,

    Would it be possible to do conditional NAT'ting with PfSense 1.2.3-RC2?

    When an external connection is initiated from xxx.xxx.xxx.xx1 to port 443/TCP to the WAN address it gets 1:1 NAT to 192.168.1.1:10000
    When an external connection is initiated from xxx.xxx.xxx.xx2 to port 443/TCP to the WAN address it gets 1:1 NAT to 192.168.1.1:443

    So, apply different NAT rules depending on the originating IP address? In my case this is very useful as I've only got VERY limited ports available to the firewall config at work, it only allows 21, 80 and 443. I would like 443/TCP to be NAT'ted to the web interface running on port 10000/TCP but if a friend of mine (who uses OpenVPN to my box) connects (from a different IP) on the same port he needs to be NAT'ted to the OpenVPN server running on port 443/TCP.

    Can this be done?



  • Currently not possible in the GUI.



  • @GruensFroeschli:

    Currently not possible in the GUI.

    Sounds like I can edit the config file manually? Or does it go deeper than that?

    Either way it's probably not supported..  ;D



  • @GruensFroeschli:

    Currently not possible in the GUI.

    I'm trying something very similar and can't get it working, maybe it's the same thing.

    I want to take numerous external IP's and have them RDP into different servers behind the firewall ex:

    ext xxx.xxx.xxx.xx1 -> int 192.168.0.2
    ext xxx.xxx.xxx.xx2 -> int 192.168.0.3

    I can do this on my current netgear FVS338's but can't get pfsense to do the same. I could tell everyone to use a different external port but that would get cumbersome.



  • It just occurred to me my last post wasn't clear. I need to forward RDP (3389) from different external IP's to different internal IP's.

    I tried setting up multiple rules after creating a single NAT rule, with different source IP's but it only hit on the first rule even if the source IP was not the same.
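
For reference, the two setups described in this thread written as a plain pf.conf fragment. This is an added example, not something posted by a participant and not pfSense's generated ruleset; it uses the classic `rdr` syntax of FreeBSD's pf. The interface name and the 198.51.100.x / 203.0.113.x addresses are assumed placeholders for the masked xxx.xxx.xxx.xxN addresses.

```pf
# Added example. All macro names and external addresses are assumptions.
ext_if    = "em0"            # hypothetical WAN interface
work_ip   = "198.51.100.1"   # placeholder for xxx.xxx.xxx.xx1 (first post)
friend_ip = "198.51.100.2"   # placeholder for xxx.xxx.xxx.xx2 (first post)
box       = "192.168.1.1"
rdp_src_a = "203.0.113.1"    # placeholder for the first RDP client
rdp_src_b = "203.0.113.2"    # placeholder for the second RDP client

# Translation rules are first-match, and the source address is part of the
# match, so the same WAN port can be redirected differently per client.
rdr on $ext_if inet proto tcp from $work_ip   to ($ext_if) port 443 -> $box port 10000
rdr on $ext_if inet proto tcp from $friend_ip to ($ext_if) port 443 -> $box port 443

# RDP scenario: same external port 3389, internal server chosen by source.
rdr on $ext_if inet proto tcp from $rdp_src_a to ($ext_if) port 3389 -> 192.168.0.2 port 3389
rdr on $ext_if inet proto tcp from $rdp_src_b to ($ext_if) port 3389 -> 192.168.0.3 port 3389

# Filtering happens after translation, so pass rules name the internal
# address and port. Tying each pass rule to the same source keeps the web
# interface and the RDP hosts unreachable from any other address.
block in log on $ext_if all
pass in quick on $ext_if inet proto tcp from $work_ip   to $box port 10000      flags S/SA keep state
pass in quick on $ext_if inet proto tcp from $friend_ip to $box port 443        flags S/SA keep state
pass in quick on $ext_if inet proto tcp from $rdp_src_a to 192.168.0.2 port 3389 flags S/SA keep state
pass in quick on $ext_if inet proto tcp from $rdp_src_b to 192.168.0.3 port 3389 flags S/SA keep state
```

A connection to port 443 or 3389 from any source not listed matches no `rdr` rule and falls through to the `block` rule.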

