NAT Between VLANs
-
Greetings everyone,
I've set up a couple of VLANs (20 for servers, 40 for users) on a pfSense 2.0RC1 box, and want to NAT some traffic between them. As a test, I'm starting with RDPing (port 3389) from a computer on VLAN 40 (src 10.0.40.100, gw 10.0.40.1) to VLAN 20 (dst 10.0.20.10, gw 10.0.20.1). This is the Port Forward rule I set up:
Interface: USERS (vlan40)
Protocol: TCP
Source Address: USERS subnet
Source Port: Any
Destination: USERS Address (10.0.40.1)
Destination Port: MS RDP (3389)
Redirect Target IP: 10.0.20.10
Redirect Target Port: MS RDP (3389)
NAT Reflection: Enable
The Port Forward rule above is linked to an automatically generated firewall rule. This is probably unnecessary at the moment, as all VLAN interfaces currently have an 'allow from local to any' rule in place for testing purposes.
I'm not sure why this isn't working. On the 10.0.40.100 host, I'm trying to RDP to 10.0.40.1, at which point this rule should forward the traffic to 10.0.20.10. Is my rule above wrong, or am I missing something else?
Any help would be greatly appreciated.
-
Did you untick Block private networks for users? Correct CIDR?
else I would use rule logging and http://doc.pfsense.org/index.php/Sniffers,_Packet_Capture
-
I'm a bit confused.. Why would you want to NAT between VLANs?
If you want to access 10.0.20.10, why would you not just rdp to 10.0.20.10??