RE: port forwards
Another quick question,
Port forwarding seems to be working intermittently; I know it has something to do with the routes involved.
Here's what I have done.
Set up a port forward for port 80 from any WAN IP to 192.168.20.2. The catch is that 192.168.20.2 doesn't currently use the pfSense box as its gateway. What route do I have to add to get this working, either on the pfSense box or on the client machine?
Any help is greatly appreciated!
On the 192.168.20.2 box you need a route for 192.168.20.0 255.255.255.0 with the pfSense box as gateway.
I just added the route, now it appears as the following…
192.168.20.0 192.168.20.135 255.255.255.0 UG 0 0 0 eth1
This shows up as the first route on the list, although the port forward still refuses to function. Must the route be the default gateway for the NAT rules to function? The OS is Gentoo by the way. In testing with windows, changing the gateway to the router and forwarding RDP works fine.
There isn't any way to make this work without changing the client machine's gateway, unless you can do some sort of policy routing on the client machine to properly direct the reply traffic. This is a Linux question really, probably not something you'll find much help with here. Most of us are BSD geeks, sorry. ;D
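The policy routing mentioned above, as an added example that is not part of the thread: the route from the earlier post only covers 192.168.20.0/24, so a reply to an Internet address still matches the default route and leaves via the other router, where the WAN-side peer never sees it. The script below generates the Linux commands that mark connections arriving from pfSense and send their replies back through it. The pfSense LAN address (192.168.20.135) and interface (eth1) are taken from the route line in the thread; the pfSense MAC address, the table number and the mark value are placeholders and must be adjusted.

```shell
#!/bin/sh
# Added example, not from the forum thread. Builds the Linux policy-routing
# configuration that returns replies for forwarded connections via pfSense
# while the default gateway stays on the other router.

PFSENSE_LAN_IP="192.168.20.135"   # pfSense LAN address (from the thread's route line)
PFSENSE_MAC="00:11:22:33:44:55"   # PLACEHOLDER: the pfSense LAN interface MAC
IFACE="eth1"                      # client interface facing pfSense (from the thread)
TABLE=100                         # alternate routing table id (assumption)
MARK=1                            # connection mark value (assumption)

# run: print each command when DRY_RUN=1 (the default), otherwise execute it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# policy_route_cmds: emit the four steps needed for symmetric return traffic.
policy_route_cmds() {
  # 1. Mark any connection whose first packet arrived from pfSense's MAC.
  run iptables -t mangle -A PREROUTING -i "$IFACE" \
      -m mac --mac-source "$PFSENSE_MAC" -j CONNMARK --set-mark "$MARK"
  # 2. Copy the connection mark onto the locally generated reply packets.
  run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
  # 3. Alternate table whose only route is a default route via pfSense.
  run ip route replace default via "$PFSENSE_LAN_IP" dev "$IFACE" table "$TABLE"
  # 4. Marked packets consult that table ahead of the main table.
  run ip rule add fwmark "$MARK" lookup "$TABLE"
}

# Usage: review the commands first, then apply them as root with DRY_RUN=0.
policy_route_cmds
```

Matching on the MAC of pfSense works because the client and pfSense share the same L2 segment (both are in 192.168.20.0/24); it avoids having to guess which destination addresses belong to forwarded sessions. Connections the client opens itself carry no mark and keep using the other router, so only the replies to traffic that entered through pfSense change path.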
If the box MUST use a gateway ip of a device other than the pfsense box, go and redirect the traffic via another program to your machine. Examples are as follows:
If you have another Windows based computer there in your setup, and it uses the same gateway as your 192.168.20.2 computer (not the pfsense), install a port mapping program like PortMapper from AnalogX onto the computer. It can be found at: http://www.analogx.com/contents/download/network/pmapper.htm
Once installed, you must set up a port-forward rule on your pfSense to this 'temp' computer (say port 80), then set up PortMapper to forward port 80 over onto the 192.168.20.2 computer.
I use this method all the time when I need to access ports on a computer not using pfSense as its main router, as it uses another router/ISP to get out to the Internet.
If you only have non-Windows-based computers in your setup, I do think there are other redirect/port-mapping programs out there that can function the same as PortMapper.