Redirect nat masquerading from external to internal
-
Dear all,
I have a pfsense 2.0 FreeBSD Box running.
I need to have a masqueraded port forwarding from the external WAN to an internal IP address.

Host_from_internet    WAN            LAN            Redirected Host
                      88.88.88.88    192.168.9.1
99.99.99.99 =>        Port 44444                    192.168.9.2 Port 4000

This scenario above works, but the source IP address on the redirected host still stays 99.99.99.99, and I need to have it masqueraded into the pfSense LAN address 192.168.9.1.
Unfortunately nat-to does not work.
Does one of you have an idea what I could do?
Thank you
Marcus
-
Go to "outbound NAT" and create a rule on the LAN interface with your host (192.168.9.2) as the destination.
This is in addition to the normal port forward you already have in place.
-
Hi GruensFroeschli,
this is a quick reply :)
This unfortunately does not work (at least the way I did it)^^

My port forwarding:

If   Proto  Src. addr  Src. ports  Dest. addr   Dest. ports  NAT IP       NAT Ports  Description
WAN  TCP    *          *           WAN address  44444        192.168.9.2  4004

My new outbound rule:

Interface  Source  Source Port  Destination     Destination Port  NAT Address     NAT Port  Static Port  Description
LAN        any     44444        192.168.9.2/32  5500              192.168.9.1/32  5500      NO

What do I miss here?
Thank you
Marcus
-
I assume you're accessing from the outside to the WAN on port 44444 and this traffic will be sent to 192.168.9.2:4004.
For this port forward your rule should look more like this:

Interface  Source  Source Port  Destination     Destination Port  NAT Address  NAT Port  Static Port  Description
LAN        any     *            192.168.9.2/32  4004              *            *         NO

--> Leave the source port empty. You don't know the source port a client is connecting from.
--> The destination port has to match the port you use in your port forward (or you simply set it to any, so all connections to this server are NATed on the pfSense).
--> Under Translation you don't need to manually set the IP of the interface. You can just select the "Interface address" in the drop down.
--> Enable static port (to keep the port your client is connecting from), or leave the field empty (to randomize the port). You usually don't want a fixed port here.
-
Thank you!!!!!!!!!!!
Yeah it's running like a charm!
Marcus
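
The working setup from this thread, written out by hand as an added example in legacy pf.conf syntax (separate rdr and nat rules, which is what FreeBSD's pf uses). It is not taken from any of the posts and is not the ruleset pfSense generates; the interface names em0 and em1 are assumptions, while the addresses and ports are the ones given in the thread.

```pf
# Added illustration. Interface names are assumed; addresses/ports are from the thread.
ext_if = "em0"             # WAN interface (assumed name)
int_if = "em1"             # LAN interface (assumed name), address 192.168.9.1
wan_ip = "88.88.88.88"
server = "192.168.9.2"

# Translation rules must come before filter rules in pf.conf.

# 1. Port forward: WAN:44444 -> 192.168.9.2:4004.
#    On its own this keeps the real client address (e.g. 99.99.99.99)
#    as the source seen by the server.
rdr on $ext_if inet proto tcp from any to $wan_ip port 44444 -> $server port 4004

# 2. Outbound NAT on the LAN interface: when the forwarded packet leaves
#    towards the server, rewrite its source to the LAN interface address.
#    The match uses the destination AFTER the rdr (192.168.9.2:4004), and
#    no source port, because the client's port is unpredictable.
#    A rule keyed on source port 44444 / destination port 5500 never matches.
nat on $int_if inet proto tcp from any to $server port 4004 -> ($int_if)
#    Append "static-port" to keep the client's source port; without it pf
#    picks a new source port for the translated connection.

# Filter rules: rdr is applied before filtering on the way in, so the
# WAN rule matches the internal destination.
pass in  on $ext_if inet proto tcp from any to $server port 4004 flags S/SA keep state
pass out on $int_if inet proto tcp from any to $server port 4004 flags S/SA keep state
```

`pfctl -s nat` lists the loaded translation rules and `pfctl -s state` shows both translations for a live connection. With this in place the server sees every forwarded connection as coming from 192.168.9.1, so the real client address is only available from the firewall's states and logs.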