Redirect traffic to a single external host:port from internal client



  • Okay, here is my situation:

    I've got a program that I can't change (no src, all statically input IPs, etc) and it has to talk to 192.168.1.1 (see attachment).  However, I need to intercept all mail traffic that should go to 192.168.1.1 and put it somewhere else.

    I apologize if this is an easy task… but man I'm stumped!

    Actually, preferrably it could talk to netcat on the pfSense box.
    ![Picture 2.png](/public/imported_attachments/1/Picture 2.png)
    ![Picture 2.png_thumb](/public/imported_attachments/1/Picture 2.png_thumb)



  • Going from memory, but…

    1. Create a port forward
    2. Set interface to LAN
    3. Set proto
    4. Set external address to any
    5. Set external proto to HTTP
    6. Set NATIP to the machine that will receive the "hijacked" connection
    7. Set local port to HTTP
    8. Give it a description
    9. Save

    Now any traffic from LAN -> OUT (HTTP) will be hijacked and sent to the IP entered on the 6th step.

    Obviously change the proto and ports to match what your doing.



  • Awesome.  This worked perfectly.

    I actually ended up having to tunnel (via SSH) to another system to do the delivery, but we can now save an extra 4 hours of manual work a day!

    Much thanks!



  • What I would like to do is similar, but, just a single host IP:port (the pfsense LAN interface address actually) to an internal LAN host:port (port being the same for both).

    What I am trying to do is have LAN:25 (and ONLY LAN:25) being redirected to the internal:25.  All other WAN destinations:25 would be unimpeded.

    I have tried a LAN NAT rules with the "external" source the LAN interface IP and any port to the internal IP port 25.  But, as you might guess, it only works when you are on the pfsense shell such that you are coming from LAN interface IP.  I am sure there is some way to do this.  Maybe it takes more than one NAT rule to do.  Not sure.


Log in to reply