Redirect port from WAN to the host on a different subnet connected via IPsec



  • Hello!

    WAN = w.x.y.z
    LAN = 172.16.34.1/24
    Also there is another subnet 172.16.32.0/24 connected via IPsec.

    I need to redirect port like this: w.x.y.z:3393 -> 172.16.32.5:3389
    So I created a NAT rule:
    Interface: WAN, Protocol: TCP, Source: * (any port), Destination: WAN address port 3393, NAT IP: 172.16.32.5 port 3389 (MS RDP)

    It's not working. Maybe I need to create Outbound NAT rules? Which options should I choose?



  • This is not going to work, as when the packet gets to 172.16.32.5, it has a different route back to the original source. The only way to do this is if you can do a double transform. I use Linux iptables for this sort of thing as it has source and destination NATing. I have not tried this in pfSense, so I don't know if that is going to be possible or not.
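
    The "double transform" podilarius describes, written out in iptables as an added example (this is not code from the thread or from pfSense). It assumes a Linux box with iptables standing in for the WAN-side firewall, a policy-based IPsec tunnel whose phase 2 covers 172.16.34.0/24 <-> 172.16.32.0/24, a WAN interface name of eth0, and the addresses from the first post. The DNAT-only function is the rule the original poster created; the second function adds the source NAT that makes the RDP host see 172.16.34.1 instead of the Internet client, so its reply falls inside the tunnel policy and comes back to the box that holds the conntrack entry. Restricting the SNAT to flows in conntrack state DNAT keeps ordinary LAN-to-host RDP untouched. In pfSense terms this would correspond to an outbound NAT rule on the IPsec interface translating the source to the LAN address, but that mapping is an assumption, not something the thread confirms.

```shell
#!/bin/sh
# Added example, not from the thread: iptables form of the "double transform".
# Assumptions: Linux/iptables in place of the WAN-side pfSense, policy-based
# (xfrm) IPsec, WAN interface eth0. Addresses are the ones from the thread.
WAN_IF="${WAN_IF:-eth0}"             # assumption: WAN interface name
EXT_PORT="${EXT_PORT:-3393}"         # port exposed on w.x.y.z
TARGET="${TARGET:-172.16.32.5}"      # RDP host on the far side of the tunnel
TARGET_PORT="${TARGET_PORT:-3389}"
LAN_IP="${LAN_IP:-172.16.34.1}"      # local LAN address, inside the phase 2 policy

# Destination NAT only: the rule from the first post. The RDP host sees the
# Internet client's real address as the source, sends its reply to its own
# default gateway instead of into the tunnel, and the client never matches it.
dnat_only_rules() {
    printf '%s\n' \
      "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $EXT_PORT -j DNAT --to-destination $TARGET:$TARGET_PORT"
}

# Destination NAT plus source NAT. Only flows that were already DNATed get
# their source rewritten (conntrack state DNAT). The host now replies to
# 172.16.34.1, the IPsec policy carries that reply back through the tunnel,
# and conntrack reverses both rewrites before the packet leaves on the WAN.
double_nat_rules() {
    dnat_only_rules
    printf '%s\n' \
      "iptables -t nat -A POSTROUTING -p tcp -d $TARGET --dport $TARGET_PORT -m conntrack --ctstate DNAT -j SNAT --to-source $LAN_IP" \
      "iptables -A FORWARD -i $WAN_IF -p tcp -d $TARGET --dport $TARGET_PORT -m conntrack --ctstate NEW -j ACCEPT" \
      "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Apply the working rule set. Needs root and net.ipv4.ip_forward=1.
apply_rules() {
    double_nat_rules | while IFS= read -r rule; do
        $rule   # unquoted on purpose: split the command line into words
    done
}

case "${1:-show}" in
    apply) apply_rules ;;
    *)     double_nat_rules ;;   # default: only print the commands
esac
```

Run it without arguments to review the generated commands; run it with `apply` as root to install them. Check the result with `iptables -t nat -L -n -v` and, after one test connection, `conntrack -L -p tcp --dport 3389` should show the flow with both the destination and the source rewritten.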



  • podilarius, thanks for suggestion.

    On another side of IPsec tunnel I have pfSense with WAN = a.b.c.d
    Is it possible to redirect port from external to external IP like this w.x.y.z:3393 -> a.b.c.d:3393 -> 172.16.32.5:3389 ?
    I tried, but it's not working either.



  • I honestly don't know. It might be possible with a WAN rule and then a LAN rule. I don't think that is going to work either, as it is still going a different route, with NAT transforms as well.

