Redirect nat masquerading from external to internal



  • Dear all,

    I have a pfSense 2.0 FreeBSD box running.

    I need to have a masqueraded port forward from the external WAN to an internal IP address.

    Host_from_internet    WAN            LAN            Redirected Host
                          88.88.88.88    192.168.9.1
    99.99.99.99 =>        Port 44444                    192.168.9.2 Port 4000

    The scenario above works, but the source IP address on the redirected host still stays 99.99.99.99, and I need to have it masqueraded into the pfSense LAN address 192.168.9.1.

    Unfortunately, nat-to does not work.

    Does one of you have an idea what I could do?

    Thank you
    Marcus



  • Go to "outbound NAT" and create a rule on the LAN interface with your host (192.168.9.2) as the destination.
    This is in addition to the normal port forward you already have in place.



  • Hi GruensFroeschli,

    this is a quick reply :)

    This unfortunately does not work (at least the way I did it)^^

    My Portforwarding:
    If   Proto  Src. addr  Src. ports  Dest. addr   Dest. ports  NAT IP       NAT Ports  Description
    WAN  TCP    *          *           WAN address  44444        192.168.9.2  4004

    My new Outbound:
    Interface  Source  Source Port  Destination     Destination Port  NAT Address     NAT Port  Static Port  Description
    LAN        any     44444        192.168.9.2/32  5500              192.168.9.1/32  5500      NO

    What am I missing here?

    Thank you
    Marcus



  • I assume you're accessing from the outside to the WAN on port 44444 and this traffic will be sent to 192.168.9.2:4004.

    For this port forward your rule should look more like this:
    Interface  Source  Source Port  Destination     Destination Port  NAT Address  NAT Port  Static Port  Description
    LAN        any     *            192.168.9.2/32  4004              *            *         NO

    --> Leave the source port empty. You don't know the source port a client is connecting from.
    --> The destination port has to match the port you use in your port forward (or you simply set it to any, so all connections to this server are NATed on the pfSense).
    --> Under Translation you don't need to manually set the IP of the interface. You can just select the "Interface address" in the drop-down.
    --> Enable static port (to keep the port your client is connecting from), or leave the field empty (to randomize the port). You usually don't want a fixed port here.
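
Added example, not part of the thread and not pfSense's own code: a small Python model of the translation order discussed above, showing why the first outbound rule never matched and why the corrected one does. The class and function names and the client source port 51515 are assumptions made for illustration; source-port rewriting is not modelled.

```python
from dataclasses import dataclass, replace
from typing import Optional

WAN_IP, LAN_IP, SERVER = "88.88.88.88", "192.168.9.1", "192.168.9.2"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class OutboundRule:              # hypothetical model of one outbound NAT row
    dst: str
    sport: Optional[int]         # None means "any"
    dport: Optional[int]         # None means "any"
    nat_addr: str

    def matches(self, p: Packet) -> bool:
        return (p.dst == self.dst
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def port_forward(p: Packet) -> Packet:
    """Port forward from the thread: WAN address:44444 -> 192.168.9.2:4004."""
    if p.dst == WAN_IP and p.dport == 44444:
        return replace(p, dst=SERVER, dport=4004)
    return p

def outbound_nat(p: Packet, rule: OutboundRule) -> Packet:
    """Rewrite the source address only when the LAN outbound rule matches."""
    return replace(p, src=rule.nat_addr) if rule.matches(p) else p

def seen_by_server(p: Packet, rule: OutboundRule) -> Packet:
    # The outbound rule is evaluated on the packet as it leaves the LAN
    # interface, i.e. after the port forward has rewritten the destination.
    return outbound_nat(port_forward(p), rule)

# Constructed sample packet: the client picks an ephemeral source port.
CLIENT = Packet("99.99.99.99", 51515, WAN_IP, 44444)
FIRST_ATTEMPT = OutboundRule(SERVER, sport=44444, dport=5500, nat_addr=LAN_IP)
CORRECTED = OutboundRule(SERVER, sport=None, dport=4004, nat_addr=LAN_IP)

if __name__ == "__main__":
    for name, rule in (("first attempt", FIRST_ATTEMPT), ("corrected", CORRECTED)):
        print(f"{name:14s} -> {seen_by_server(CLIENT, rule)}")
```

With the corrected rule the server's own logs record 192.168.9.1 for every external client, so the firewall's logs become the only record of the real source address.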



  • Thank you!!!!!!!!!!!

    Yeah it's running like a charm!

    Marcus

