Redirect nat masquerading from external to internal

  • Dear all,

    I have a pfsense 2.0 FreeBSD Box running.

    I need to have a masqueraded portforwarding from external WAN to an internal IP Adress.

    Host_from_internet                        WAN                      LAN                 Redirected Host
                                             >                             Port 44444                            Port 4000

    This scenario above works, but the source IP Adress on the redirected Hosts still stays, and i need to have it masqueraded into pfsense LAN Address

    Unfortunatly nat-to does not work.

    Does one of you have an idea what i could do?

    Thank you

  • Go to "outbound NAT" and create a rule on the LAN interface with as destination your host (
    This is additionally to the normal portforward you already have in place.

  • Hi GruensFroeschli,

    this is a quick reply :)

    This unfortunatly does not work (at least the way i did it)^^

    My Portforwarding:
    If Proto Src. addr Src. ports Dest. addr         Dest. ports NAT IP           NAT Ports Description
    WAN TCP         *         *         WAN address 44444   4004

    My new Outbound:
    Interface Source Source Port Destination  Destination Port NAT Address NAT Port Static Port Description
    LAN  any         44444 5500      5500         NO

    What do i miss here?

    Thank you

  • I assume you're accessing from the outside to the WAN on port 44444 and this traffic will be sent to

    For this port forward your rule should look more like this:
    Interface    Source    Source Port    Destination     Destination Port    NAT Address    NAT Port    Static Port    Description
    LAN      any            *     4004                   *    *            NO

    –> Leave the source port empty. You don't know the source port a client is connecting from.
    --> The destination port has to match the port you use in your port forward. (or you simply set it to any, so all connections to this server are NATed on the pfSense).
    --> Under Translation you don't need to set manually the IP of the interface. You just can select the "Interface address" in the drop down.
    --> Enable static port (to keep the port your client is connecting from), or leave the field empty (to randomize the port). You usually don't want a fixed port here.

  • Thank you!!!!!!!!!!!

    Yeah it's running like a charm!


Log in to reply