Forwarding traffic to IPSEC ?

  • Hi,

    I have a "simple" problem.

    I have one pfsense box with dynamic IP & ADSL. I can't have more public IP from my ISP but i have to open two ssl websites.
    So i build another pfsense box in a datacenter with 2 public IP.
    I create ipsec tunnel between the pfsense box, it's working.

    Pfsense Box 1 : DHCP for WAN / LAN Net
    Pfsense Box 2 : WAN IP / + 1 virtual IP

    From pfsense box 2, i can ping

    Now i just want to redirect virtual ip to …

    Is this possible ?

    I tried NAT (port 80), i tried 1:1, nothing is working...



  • I think the problem is that web server default gateway sends traffic back direct to clients public ip to internet.

    If you can do outbound nat on firewall to translate client ip to firewall ip(, then server can send traffic back to the correct link.

  • No it's not working… i have error in firewall from pfsense box 1, traffic from a client to "blocked" ...
    I create a rules to pass, same result.

  • Can you monitor traffic on console or via web gui to see what is happening to package traffic?

  • I move to GRE Tunnel over IPSEC.

    Now i have one more interface on pfsense and i can ping remote side with it from GUI.
    I left GRE Interface on "none", i add gateway for GRE and add a route for remote LAN Subnet.

    From pfsense box 2 (, i can ping my web server and from pfsense box 1 (, i can ping pfsense box 1 (
    I can ping with GRE IP adress (

    But from server behind pfsense, i can't ping remote side ?

    It's a problem with outbound NAT may be ?

Log in to reply