Destination Nat



  • Hi  :D
    I'm a little confused how I could do this rule in pfsense.

    iptables -t nat -I PREROUTING -p tcp -s 192.168.0.0/24 --dport 1863 -j DNAT --to-destination 192.168.0.10:1863



  • If I read that correctly you want any connection from 192.168.0.x/24 on port 1863 to be directed instead to 192.168.0.10 on port 1863?

    A simple NAT rule using that logic, on the LAN interface, should do what you're after.



  • Thanks for the help.
    Yes, I want everything to go out the LAN destination with 1860 forwarded to
    that IP.
    And that IP which had undertaken to send to the web.
    It would be for the software IMControl.
    I tried manual outbound:

    Outbound
    LAN   192.168.0.0/24 * * 1863   192.168.0.10/24 1863  NO

    Port Forward

    LAN TCP 192.168.0.0/24 * WAN net 1863 192.168.0.10 1863

    I do not know how to do that actually



  • (off the top of my head - the documentation will cover more) you'd set up a port forward on the LAN interface for anything EXCEPT 192.168.0.10 on port 1863, to direct that to 192.168.0.10. If you search the forum for running a transparent proxy on another host you'll find mountains of information, since it's exactly the same problem.



  • Thanks for the help.
    But I do not know what I might be doing wrong. In Linux it is very simple, and
    in pfSense I am a little confused.
    Let's imagine a situation:
    A network 192.168.200.0/24, and I have a machine with Apache at 192.168.200.73.
    How do I make all Internet packets destined for port 80 get forwarded to 192.168.200.73?
    I created a rule in NAT:
    LAN TCP * * * 80 (HTTP) 192.168.200.73 80 (HTTP)

    returns

    13:44:09.153024 ARP, Request who-has 192.168.200.1 tell 192.168.200.80, length 46
    13:44:09.153616 ARP, Reply 192.168.200.1 is-at 00:0c:29:7a:b1:53, length 46
    13:44:09.153618 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0
    13:44:09.161122 IP 189.91.192.6 > 192.168.200.80: ICMP redirect 189.91.192.6 to host 192.168.200.73, length 56
    13:44:09.161124 IP 189.91.192.6 > 192.168.200.80: ICMP host 189.91.192.6 unreachable - admin prohibited, length 56
    13:44:12.156867 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0



  • Did you search the forum for those other threads?



  • Yes, I tried,
    and the rule in the NAT works:
    LAN  TCP  *  *  *  80 (HTTP)  192.168.200.73  80 (HTTP)

    But the ip to respond to GW and the inverse is also true



  • The ICMP redirect indicates some wrong or weird routing config. The ICMP unreachable indicates either the same, or that you're rejecting the traffic with firewall rules.
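
The two ICMP errors in the capture above can be pulled out and classified automatically. This is an added example, not code from any poster in the thread: it parses tcpdump text lines in the format shown and flags redirects whose new gateway is on the same segment as the client, which is what happens when a LAN port forward sends traffic back out the interface it arrived on. The function name `diagnose` and the dictionary keys are hypothetical; the /24 is the poster's network.

```python
import ipaddress
import re

# Capture lines copied from the thread above (tcpdump text output).
CAPTURE = """\
13:44:09.153618 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0
13:44:09.161122 IP 189.91.192.6 > 192.168.200.80: ICMP redirect 189.91.192.6 to host 192.168.200.73, length 56
13:44:09.161124 IP 189.91.192.6 > 192.168.200.80: ICMP host 189.91.192.6 unreachable - admin prohibited, length 56
13:44:12.156867 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0
"""
LAN = ipaddress.ip_network("192.168.200.0/24")  # poster's LAN

ICMP_RE = re.compile(r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP (?P<msg>.+), length \d+$")
REDIRECT_RE = re.compile(r"^redirect (?P<orig>[\d.]+) to host (?P<gw>[\d.]+)$")
UNREACH_RE = re.compile(r"^host (?P<host>[\d.]+) unreachable - (?P<reason>.+)$")


def diagnose(capture, lan=LAN):
    """Return one finding per ICMP redirect/unreachable sent to a client."""
    findings = []
    for line in capture.splitlines():
        m = ICMP_RE.match(line.strip())
        if not m:
            continue  # TCP, ARP and other non-ICMP lines are ignored
        client = ipaddress.ip_address(m["dst"])
        redirect = REDIRECT_RE.match(m["msg"])
        unreach = UNREACH_RE.match(m["msg"])
        if redirect:
            gw = ipaddress.ip_address(redirect["gw"])
            findings.append({
                "type": "redirect", "client": str(client),
                "original_dst": redirect["orig"], "new_gateway": str(gw),
                # Client and new gateway on one segment: the router forwarded
                # the packet out of the interface it came in on.
                "same_segment": client in lan and gw in lan,
            })
        elif unreach:
            findings.append({
                "type": "unreachable", "client": str(client),
                "original_dst": unreach["host"], "reason": unreach["reason"],
                "filtered": "admin prohibited" in unreach["reason"],
            })
    return findings


if __name__ == "__main__":
    for finding in diagnose(CAPTURE):
        print(finding)
```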

