Netgate Discussion Forum

Redirect nat masquerading from external to internal

5 Posts 2 Posters 9.5k Views
    marloos
    last edited by Mar 3, 2011, 3:56 PM

    Dear all,

    I have a pfsense 2.0 FreeBSD Box running.

    I need to have a masqueraded port forwarding from external WAN to an internal IP address.

    Host_from_internet    WAN            LAN            Redirected Host
    99.99.99.99 =>        88.88.88.88    192.168.9.1    192.168.9.2
                          Port 44444                    Port 4000

    The scenario above works, but the source IP address on the redirected host still stays 99.99.99.99, and I need to have it masqueraded into the pfSense LAN address 192.168.9.1.

    Unfortunately nat-to does not work.

    Does one of you have an idea what I could do?

    Thank you
    Marcus

      GruensFroeschli
      last edited by Mar 3, 2011, 3:59 PM

      Go to "outbound NAT" and create a rule on the LAN interface with your host (192.168.9.2) as the destination.
      This is in addition to the normal port forward you already have in place.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        marloos
        last edited by Mar 3, 2011, 4:16 PM

        Hi GruensFroeschli,

        this is a quick reply :)

        This unfortunately does not work (at least the way I did it)^^

        My port forwarding:
        If   Proto  Src. addr  Src. ports  Dest. addr   Dest. ports  NAT IP       NAT Ports  Description
        WAN  TCP    *          *           WAN address  44444        192.168.9.2  4004

        My new outbound:
        Interface  Source  Source Port  Destination     Destination Port  NAT Address     NAT Port  Static Port  Description
        LAN        any     44444        192.168.9.2/32  5500              192.168.9.1/32  5500      NO

        What am I missing here?

        Thank you
        Marcus

          GruensFroeschli
          last edited by Mar 3, 2011, 5:59 PM

          I assume you're accessing from the outside to the WAN on port 44444 and this traffic will be sent to 192.168.9.2:4004.

          For this port forward your rule should look more like this:
          Interface  Source  Source Port  Destination     Destination Port  NAT Address  NAT Port  Static Port  Description
          LAN        any     *            192.168.9.2/32  4004              *            *         NO

          --> Leave the source port empty. You don't know the source port a client is connecting from.
          --> The destination port has to match the port you use in your port forward (or you simply set it to any, so all connections to this server are NATed on the pfSense).
          --> Under Translation you don't need to manually set the IP of the interface. You can just select the "Interface address" in the drop-down.
          --> Enable static port (to keep the port your client is connecting from), or leave the field empty (to randomize the port). You usually don't want a fixed port here.


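Added example (not part of the thread and not pfSense code): a simplified Python model of the two translation steps discussed above, showing why the first outbound rule never matched and why the corrected one does. The client source port 51515 is a constructed value, and pf's rule evaluation is reduced here to plain address and port matching.

```python
from dataclasses import dataclass, replace
from typing import Optional

WAN_ADDR = "88.88.88.88"   # addresses taken from the thread
LAN_ADDR = "192.168.9.1"
SERVER = "192.168.9.2"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class OutboundRule:
    dst: str               # destination host the rule matches
    sport: Optional[int]   # None means "any source port"
    dport: Optional[int]   # None means "any destination port"
    nat_addr: str          # address the source is rewritten to

    def matches(self, p: Packet) -> bool:
        return (p.dst == self.dst
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def port_forward(p: Packet) -> Packet:
    """WAN port forward from the thread: WAN address:44444 -> 192.168.9.2:4004."""
    if p.dst == WAN_ADDR and p.dport == 44444:
        return replace(p, dst=SERVER, dport=4004)
    return p

def leave_lan(p: Packet, rule: OutboundRule) -> Packet:
    """Outbound NAT on LAN: the source is rewritten only if the rule matches."""
    return replace(p, src=rule.nat_addr) if rule.matches(p) else p

# Constructed packet: the client connects from an ephemeral source port.
client = Packet("99.99.99.99", 51515, WAN_ADDR, 44444)

# The rule as first posted (source port 44444, destination port 5500) ...
first_try = OutboundRule(SERVER, sport=44444, dport=5500, nat_addr=LAN_ADDR)
# ... and as corrected in the reply (any source port, destination port 4004).
corrected = OutboundRule(SERVER, sport=None, dport=4004, nat_addr=LAN_ADDR)

def source_seen_by_host(rule: OutboundRule) -> str:
    """Source address 192.168.9.2 sees after both translation steps."""
    return leave_lan(port_forward(client), rule).src

if __name__ == "__main__":
    print("first try:", source_seen_by_host(first_try))   # 99.99.99.99
    print("corrected:", source_seen_by_host(corrected))   # 192.168.9.1
```

With the corrected rule in place, 192.168.9.2 logs every forwarded connection as coming from 192.168.9.1, so the original client address can only be recovered from the firewall's own logs.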
            marloos
            last edited by Mar 4, 2011, 3:16 PM

            Thank you!!!!!!!!!!!

            Yeah it's running like a charm!

            Marcus

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.