    NAT source rewrite from External sources (WAN) to (LAN) interface IP address

    • S
      shon last edited by

      I'm trying to figure out how to rewrite the SRC IP of external clients hitting my internal Apache webserver to the LAN interface IP address of the firewall.

      1. External IP of client: 5.5.5.5
         HTTP request to example.com = 4.4.4.4
                 |
                 v
          WAN IP 4.4.4.4
        +----------------+                                                      +----------------+
        | pfsense 2.0.1  |  3. Rewritten SRC IP request from the firewall       | Apache         |
        |                | ---------------------------------------------------> | Web Server     |
        |                |  src ip 192.168.1.1 dst IP 192.168.1.10 dst port 80  | 192.168.1.10   |
        +----------------+                                                      +----------------+
          LAN IP 192.168.1.1

      1. Packet request comes in to 4.4.4.4 (WAN port on pfsense) on port 80 from an external client of 5.5.5.5

      2. Rewrite external SRC IP 5.5.5.5 to the LAN IP address of the firewall, which is 192.168.1.1

      3. Send that request to the web server at 192.168.1.10 with the SRC IP of 192.168.1.1 instead of coming from 5.5.5.5

      Thanks!

      • S
        shon last edited by

        This looks like the iptables command (Reverse NAT) that I would use, but I don't know how to do that in the GUI of pfsense.

        iptables -t nat -A PREROUTING -i eth1 -j DNAT -d 4.4.4.4 --to 192.168.1.1

        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          • Switch to manual outbound NAT (Firewall > NAT, outbound tab)
          • Add a rule for the LAN interface, source of ANY, destination of 192.168.1.10, translation = Interface address.

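The translation described in the answer above, modelled as an added Python example (not code from the thread or from pfSense): the WAN port forward rewrites the destination, the outbound NAT rule on LAN rewrites the source, and the state entry is what lets the reply be translated back. The second client address 203.0.113.7, the port numbers and the port allocator are constructed for illustration.

```python
from typing import NamedTuple

# Addresses from the thread; ports and the second client are constructed.
WAN_IP, LAN_IP, WEB_IP = "4.4.4.4", "192.168.1.1", "192.168.1.10"

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Simplified model: WAN port forward plus outbound NAT on the LAN interface."""

    def __init__(self):
        self.by_client = {}     # (client ip, client port) -> translated source port
        self.by_port = {}       # translated source port -> (client ip, client port)
        self.next_port = 50001  # illustrative port pool, not pfSense's allocator

    def inbound(self, pkt: Packet) -> Packet:
        """WAN -> web server: rewrite destination, then source to the LAN address."""
        if (pkt.dst, pkt.dport) != (WAN_IP, 80):
            raise ValueError("no port forward matches this packet")
        key = (pkt.src, pkt.sport)
        if key not in self.by_client:
            self.by_client[key] = self.next_port
            self.by_port[self.next_port] = key
            self.next_port += 1
        return Packet(LAN_IP, self.by_client[key], WEB_IP, 80)

    def reply(self, pkt: Packet) -> Packet:
        """Web server -> client: undo both rewrites using the state entry."""
        client = self.by_port.get(pkt.dport)
        if (pkt.src, pkt.sport, pkt.dst) != (WEB_IP, 80, LAN_IP) or client is None:
            raise ValueError("reply matches no state entry")
        return Packet(WAN_IP, 80, client[0], client[1])

def demo():
    fw = Firewall()
    requests = [Packet("5.5.5.5", 40001, WAN_IP, 80),
                Packet("203.0.113.7", 40001, WAN_IP, 80)]
    seen = [fw.inbound(p) for p in requests]            # what Apache receives
    replies = [fw.reply(Packet(WEB_IP, 80, s.src, s.sport)) for s in seen]
    return seen, replies

if __name__ == "__main__":
    for seen, reply in zip(*demo()):
        print("Apache sees", seen, "| client receives", reply)
```

Because every request now arrives from 192.168.1.1, the Apache access log and any IP-based access rules on the server no longer distinguish external clients; the original addresses exist only in the firewall's state table and logs.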
          • S
            shon last edited by

            That worked like a charm!

            Thanks!

            • S
              shon last edited by

              @shon:

              I was able to accomplish this but without having to select the "Manual Outbound NAT rule generation".  The rule was good enough to do the job.

              Thanks!
