IP dependent NAT forwarding

  • I'm just getting started with pfSense but really enjoying it so far. I'm configuring a test installation based on one of our production firewall routers and I've run into something I can't quite figure out how to do. It might be obvious and I'm just not seeing it.

    I need to be able to forward a port on the WAN to a different port on the internal NAT but the rule has to be based on the IP the person is coming from. For example:

    If a client comes in from A.A.A.A on port 22000, I want them to be forwarded to internal IP and port 22. However, if a client comes in from B.B.B.B on port 22000, I want them to be rejected. Then, to take it one step further, if C.C.C.C comes in from port 22000, I want them to be forwarded to internal IP 192.168.50 and port 22 (or some other port).

    I've done this with iptables before, so I know it's possible; I just can't figure out how to do it with pfSense.



  • pf does support this, afaik, but I don't think the GUI currently gives you the ability to check based on the source IP.
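
The source-dependent forwarding asked about above, written as a raw pf.conf fragment in FreeBSD pf's `rdr` syntax. This is an added example, not part of the original thread and not pfSense-generated output. The interface name and every address in the macros are constructed placeholders standing in for A.A.A.A, B.B.B.B, C.C.C.C and the two internal hosts.

```pf
# Constructed placeholder values (assumptions, not from the thread)
ext_if = "em0"             # WAN interface
src_a  = "198.51.100.10"   # stands in for A.A.A.A
src_b  = "198.51.100.20"   # stands in for B.B.B.B
src_c  = "203.0.113.30"    # stands in for C.C.C.C
host_a = "10.0.0.10"       # internal SSH host for clients from src_a
host_c = "10.0.0.20"       # internal SSH host for clients from src_c

# Translation rules are evaluated top-down and the first match wins.
# Each rdr is restricted by source address, so the same WAN port (22000)
# maps to a different internal host depending on who connects.
rdr on $ext_if inet proto tcp from $src_a to ($ext_if) port 22000 -> $host_a port 22
# Explicitly exempt src_b from translation so that a broader rdr added
# later for port 22000 can never match it.
no rdr on $ext_if inet proto tcp from $src_b to ($ext_if) port 22000
rdr on $ext_if inet proto tcp from $src_c to ($ext_if) port 22000 -> $host_c port 22

# Filter rules run after translation, so the pass rules must match the
# rewritten destination (internal host, port 22), not the WAN port.
# src_b is never translated; reject it with a TCP RST ("block return").
block return in quick on $ext_if inet proto tcp from $src_b to ($ext_if) port 22000
pass in quick on $ext_if inet proto tcp from $src_a to $host_a port 22 flags S/SA keep state
pass in quick on $ext_if inet proto tcp from $src_c to $host_c port 22 flags S/SA keep state
```

Any other source hitting port 22000 matches no `rdr` rule and falls through to the ruleset's default inbound policy on the WAN interface.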

