    Destination Nat

      felipeortega last edited by

      Hi  :D
      I'm a little confused how I could do this rule in pfsense.

      iptables -t nat -I PREROUTING -p tcp -s 192.168.0.0/24 --dport 1863 -j DNAT --to-destination 192.168.0.10:1863

      "People rarely recognize opportunity because it comes disguised as hard work."

        Cry Havok last edited by

        If I read that correctly you want any connection from 192.168.0.x/24 on port 1863 to be directed instead to 192.168.0.10 on port 1863?

        A simple NAT rule using that logic, on the LAN interface, should do what you're after.

          felipeortega last edited by

          Thanks for the help
          Yes I want everything to go out the LAN destination with 1860 forwarded to
          that IP.
          And that ip which had undertaken to send to the web.
          It would be for software IMControl
          I tried manual outbound

          Outbound
          LAN   192.168.0.0/24 * * 1863   192.168.0.10/24 1863  NO

          Port Forward

          LAN TCP 192.168.0.0/24 * WAN net 1863 192.168.0.10 1863

          I do not know how to do that actually

            Cry Havok last edited by

            (off the top of my head - the documentation will cover more) you'd set up a port forward on the LAN interface for anything EXCEPT 192.168.0.10 on port 1863, to direct that to 192.168.0.10. If you search the forum for running a transparent proxy on another host you'll find mountains of information, since it's exactly the same problem.

              felipeortega last edited by

              Thanks for the help.
              But I do not know what I might be doing wrong; in Linux it is very simple, and
              in pfSense I am a little confused.
              Let's imagine a situation:
              A network 192.168.200.0/24, and I have a machine with Apache at 192.168.200.73.
              How do I make all Internet packets destined for port 80 be forwarded to 192.168.200.73?
              I created a rule in NAT:
              LAN TCP * * * 80 (HTTP) 192.168.200.73 80 (HTTP)

              returns

              13:44:09.153024 ARP, Request who-has 192.168.200.1 tell 192.168.200.80, length 46
              13:44:09.153616 ARP, Reply 192.168.200.1 is-at 00:0c:29:7a:b1:53, length 46
              13:44:09.153618 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0
              13:44:09.161122 IP 189.91.192.6 > 192.168.200.80: ICMP redirect 189.91.192.6 to host 192.168.200.73, length 56
              13:44:09.161124 IP 189.91.192.6 > 192.168.200.80: ICMP host 189.91.192.6 unreachable - admin prohibited, length 56
              13:44:12.156867 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0

                Cry Havok last edited by

                Did you search the forum for those other threads?

                  felipeortega last edited by

                  Yes I tried
                  and the rule in the NAT works
                  LAN  TCP  *  *  *  80 (HTTP)  192.168.200.73  80 (HTTP)

                  But the ip to respond to GW and the inverse is also true

                    cmb last edited by

                    The ICMP redirect indicates some wrong or weird routing config. The ICMP unreachable indicates either the same, or that you're rejecting the traffic with firewall rules.

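The capture posted in the thread can be checked mechanically for the two ICMP errors cmb points to. The following is an added example, not code from the thread or from pfSense: the names `analyze`, `CAPTURE` and `LAN` are hypothetical, the sample lines are copied from the capture above, and the /24 is the LAN stated in that post. It pairs each ICMP error with the client's TCP attempts and reports whether a redirect's new hop is on the same subnet as the client.

```python
import ipaddress
import re

# Sample input: lines copied from the tcpdump output posted in the thread.
CAPTURE = """\
13:44:09.153618 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0
13:44:09.161122 IP 189.91.192.6 > 192.168.200.80: ICMP redirect 189.91.192.6 to host 192.168.200.73, length 56
13:44:09.161124 IP 189.91.192.6 > 192.168.200.80: ICMP host 189.91.192.6 unreachable - admin prohibited, length 56
13:44:12.156867 IP 192.168.200.80.3771 > 189.91.192.6.80: tcp 0
"""

LAN = ipaddress.ip_network("192.168.200.0/24")  # LAN stated in the thread

TCP_RE = re.compile(r"^(\S+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): tcp")
REDIR_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): ICMP redirect (\S+) to host ([\d.]+),")
UNREACH_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): ICMP host (\S+) unreachable - (.+?), length")

def analyze(capture, lan=LAN):
    """Return one finding per ICMP error, tied to the client's TCP attempts."""
    attempts = {}   # (client, dst) -> TCP packets seen, retransmissions included
    findings = []
    for line in capture.splitlines():
        if m := TCP_RE.match(line):
            key = (m.group(2), m.group(4))
            attempts[key] = attempts.get(key, 0) + 1
        elif m := REDIR_RE.match(line):
            _, _, client, dst, new_hop = m.groups()
            # True when the client and the redirect's new hop share the LAN subnet.
            same_segment = (ipaddress.ip_address(client) in lan
                            and ipaddress.ip_address(new_hop) in lan)
            findings.append({"type": "redirect", "client": client, "dst": dst,
                             "new_hop": new_hop, "same_segment": same_segment})
        elif m := UNREACH_RE.match(line):
            _, _, client, dst, reason = m.groups()
            findings.append({"type": "unreachable", "client": client,
                             "dst": dst, "reason": reason})
    for f in findings:
        f["tcp_packets"] = attempts.get((f["client"], f["dst"]), 0)
    return findings

if __name__ == "__main__":
    for finding in analyze(CAPTURE):
        print(finding)
```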