Netgate Discussion Forum

    Redirect nat masquerading from external to internal

      marloos

      Dear all,

      I have a pfSense 2.0 FreeBSD box running.

      I need to have a masqueraded port forwarding from external WAN to an internal IP address.

      Host_from_internet      WAN               LAN            Redirected Host
      99.99.99.99 =>          88.88.88.88       192.168.9.1    192.168.9.2
                              Port 44444                       Port 4000

      This scenario above works, but the source IP address on the redirected host still stays 99.99.99.99, and I need to have it masqueraded into the pfSense LAN address 192.168.9.1.

      Unfortunately nat-to does not work.

      Does one of you have an idea what I could do?

      Thank you
      Marcus

        GruensFroeschli

        Go to "outbound NAT" and create a rule on the LAN interface with your host (192.168.9.2) as destination.
        This is in addition to the normal port forward you already have in place.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          marloos

          Hi GruensFroeschli,

          this is a quick reply :)

          This unfortunately does not work (at least the way I did it)^^

          My port forwarding:
          If    Proto   Src. addr   Src. ports   Dest. addr     Dest. ports   NAT IP        NAT Ports   Description
          WAN   TCP     *           *            WAN address    44444         192.168.9.2   4004

          My new outbound:
          Interface   Source   Source Port   Destination      Destination Port   NAT Address      NAT Port   Static Port   Description
          LAN         any      44444         192.168.9.2/32   5500               192.168.9.1/32   5500       NO

          What am I missing here?

          Thank you
          Marcus

            GruensFroeschli

            I assume you're accessing from the outside to the WAN on port 44444 and this traffic will be sent to 192.168.9.2:4004

            For this port forward your rule should look more like this:
            Interface   Source   Source Port   Destination      Destination Port   NAT Address   NAT Port   Static Port   Description
            LAN         any      *             192.168.9.2/32   4004               *             *          NO

            --> Leave the source port empty. You don't know the source port a client is connecting from.
            --> The destination port has to match the port you use in your port forward (or you simply set it to any, so all connections to this server are NATed on the pfSense).
            --> Under Translation you don't need to manually set the IP of the interface. You can just select the "Interface address" in the drop down.
            --> Enable static port (to keep the port your client is connecting from), or leave the field empty (to randomize the port). You usually don't want a fixed port here.

              marloos

              Thank you!!!!!!!!!!!

              Yeah it's running like a charm!

              Marcus
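
Why the first outbound rule in this thread never matched and the corrected one does, as a small Python model added here (not pfSense code and not something posted by either participant). The `Packet` and `OutboundRule` classes and the ephemeral client port 51234 are constructed for illustration, and the model rewrites only the source address, not the source port.

```python
from dataclasses import dataclass, replace
from typing import Optional

LAN_IP = "192.168.9.1"  # pfSense LAN address from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class OutboundRule:
    # None stands for "any" / "*", as in the rule tables in the thread
    sport: Optional[int]
    dst: str
    dport: Optional[int]

    def matches(self, p: Packet) -> bool:
        return (self.sport in (None, p.sport)
                and self.dst == p.dst
                and self.dport in (None, p.dport))

def port_forward(p: Packet) -> Packet:
    """WAN port forward: WAN address:44444 -> 192.168.9.2:4004 (destination only)."""
    if (p.dst, p.dport) == ("88.88.88.88", 44444):
        return replace(p, dst="192.168.9.2", dport=4004)
    return p

def leave_lan(p: Packet, rule: OutboundRule) -> Packet:
    """Outbound NAT on LAN: rewrite the source only if the rule matches."""
    return replace(p, src=LAN_IP) if rule.matches(p) else p

# Constructed sample: the client connects from an ephemeral source port.
client = Packet("99.99.99.99", 51234, "88.88.88.88", 44444)
forwarded = port_forward(client)  # what the LAN-side rule actually sees

first_try = OutboundRule(sport=44444, dst="192.168.9.2", dport=5500)
corrected = OutboundRule(sport=None, dst="192.168.9.2", dport=4004)

if __name__ == "__main__":
    print("after port forward:", forwarded)
    print("first rule ->", leave_lan(forwarded, first_try).src)
    print("corrected  ->", leave_lan(forwarded, corrected).src)
```

With the corrected rule in place, 192.168.9.2 sees every forwarded connection as coming from 192.168.9.1, so the original client address is only available from the firewall's own logs and state table.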
