Netgate Discussion Forum

    Port forwarding to non-LAN subnet

    NAT
    • thomaspsimon

      Hi,

      I would like to enable port forwarding on the WAN IP of our Head Office to forward traffic to an internal IP at the Branch Office. We have a site-to-site IPsec VPN established between both locations, and both ends are running pfSense.

      Head Office subnet: 10.4.0.0/21

      Branch Office subnet: 10.2.0.0/24

      The goal is to forward incoming traffic on port 60000 to 10.2.0.227 (a device at the Branch Office).

      This works fine when the destination IP is part of the Head Office LAN subnet (e.g., 10.4.0.182), but it doesn’t work when the destination is across the VPN at the Branch Office.

      Could you please advise how to achieve this port forwarding setup?

      Thanks!

      • viragomann @thomaspsimon

        @thomaspsimon
        I guess you're using a policy-based IPsec tunnel.
        If so, this is not going to work unless you route the whole upstream traffic from the branch over the VPN, which might not be desirable.

        It would be doable with any other VPN solution, however, which gives you real routing capability.

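The selector matching behind the policy-based case discussed above, as an added example that is not part of the original thread: it models phase 2 traffic-selector matching for the subnets given in the question. The client address 203.0.113.10, the branch host 10.2.0.50, the destination 198.51.100.7 and all function names are constructed for illustration, and the phase 2 entries are assumed to be the usual LAN-to-LAN pair.

```python
import ipaddress as ip

HO_LAN = ip.ip_network("10.4.0.0/21")    # Head Office subnet (from the question)
BR_LAN = ip.ip_network("10.2.0.0/24")    # Branch Office subnet (from the question)
ANY = ip.ip_network("0.0.0.0/0")
TARGET = ip.ip_address("10.2.0.227")     # forward target (from the question)
CLIENT = ip.ip_address("203.0.113.10")   # constructed Internet client (TEST-NET-3)


def in_tunnel(src, dst, local, remote):
    """Policy-based IPsec: a packet enters the tunnel only when its source is
    inside the local selector and its destination inside the remote selector."""
    return src in local and dst in remote


def trace(ho_local, br_remote):
    """Follow one forwarded connection through both firewalls.

    ho_local  -- local network of the Head Office phase 2 entry (assumed)
    br_remote -- remote network of the Branch Office phase 2 entry (assumed)
    """
    # Head Office, after the port forward rewrote the destination:
    # the source is still the Internet client, the destination is the branch device.
    forward = in_tunnel(CLIENT, TARGET, ho_local, BR_LAN)
    # Branch Office, reply from the device back to the Internet client.
    reply = in_tunnel(TARGET, CLIENT, BR_LAN, br_remote)
    # Side effect: ordinary Internet traffic from a constructed branch host.
    browsing = in_tunnel(ip.ip_address("10.2.0.50"),
                         ip.ip_address("198.51.100.7"), BR_LAN, br_remote)
    return {"forward": forward, "reply": reply,
            "branch_internet_via_vpn": browsing}


def scenarios():
    return {
        # Phase 2 covers only 10.4.0.0/21 <-> 10.2.0.0/24.
        "lan_to_lan": trace(HO_LAN, HO_LAN),
        # Phase 2 covers 0.0.0.0/0 <-> 10.2.0.0/24 (all branch upstream via VPN).
        "all_upstream": trace(ANY, ANY),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

With LAN-to-LAN selectors the forwarded packet matches no policy in either direction, because its source stays a public address. Widening the selectors to 0.0.0.0/0 makes both directions match, at the cost of sending all branch Internet traffic through Head Office.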
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.