Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Outbound Traffic ip forwarding

    Scheduled Pinned Locked Moved
    NAT
    2
    11
    371
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      viragomann @soner_balci
      last edited by

      @soner_balci
      I assume, you're talking about connection from devices inside your local network.
      So you have to do this with a NAT port forward rule. Add a new rule, select the interface, where the connections are coming in, e.g. LAN. If you want to apply this rule to certain source devices only, enter the IP, subnet or alias as source, as destination state 88.88.88.88 and at redirect target enter 99.99.99.99.

      S 1 Reply Last reply Reply Quote 0
      • S
        soner_balci @viragomann
        last edited by

        @viragomann
        both ip's outside my local network

        V 1 Reply Last reply Reply Quote 0
        • V
          viragomann @soner_balci
          last edited by

          @soner_balci
          Then you need both, a port forwarding and an outbound NAT rule. Consider that the latter replaces the origin source IP with your public IP. Hence the destination host can only see your IP, but not the origin source.

          Port forwarding is as explained above, but even you need the rule to apply on the WAN interface.

          In the outbound NAT settings, activate the hybrid mode if it's still in automatic mode.
          Then add a rule similar this:
          interface: WAN (outgoing)
          source: any or certain IPs, subnet, alias
          destination: 99.99.99.99
          translation: interface address

          S 1 Reply Last reply Reply Quote 0
          • S
            soner_balci @viragomann
            last edited by

            @viragomann
            i was traying only port forward or outbound nat.
            now its working. thank you so so much for your help.

            1 Reply Last reply Reply Quote 0
            • S
              soner_balci
              last edited by

              @viragomann
              in my virtual machine its working. but on another physical server it not worked. when i checck status screen i see error like this;

              192.168.1.145:64877 -> 99.99.99.99 (88.88.88.88 :80) CLOSED:SYN_SENT

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @soner_balci
                last edited by

                @soner_balci
                I'd not expect to see a private address in this connection status.
                Does this router have a private WAN address?
                If so there must be a router in front of it, who has to do the masquerading accordingly. Rather this router should do the forwarding as well. Maybe that doesn't work or has to be configured yet.

                S 1 Reply Last reply Reply Quote 0
                • S
                  soner_balci @viragomann
                  last edited by

                  @viragomann pfsense wan adress is http://192.168.1.250/. and it working behind a another router.
                  Do I need to do port forwarding on the main router as well?

                  V 1 Reply Last reply Reply Quote 0
                  • V
                    viragomann @soner_balci
                    last edited by

                    @soner_balci
                    So what is the IP 192.168.1.145? The main router?

                    The idea was doing this all on the front router. But maybe that's not possible due to insufficient functions.

                    S 1 Reply Last reply Reply Quote 0
                    • S
                      soner_balci @viragomann
                      last edited by

                      @viragomann 192.168.1.145 is client ip. router 192.168.1.1. front router is not advanced enough to do this job. thats why i want to do this with pfsense

                      V 1 Reply Last reply Reply Quote 0
                      • V
                        viragomann @soner_balci
                        last edited by

                        @soner_balci
                        The the request does obviously not come from the internet.
                        Otherwise you should not see a private source IP.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post