Redirect port from WAN to the host on a different subnet connected via IPsec

  • Hello!

    WAN = w.x.y.z
    LAN =
    Also there is another subnet connected via IPsec.

    I need to redirect a port like this: w.x.y.z:3393 ->
    So I created a NAT rule:
    WAN TCP * * WAN address 3393 3389 (MS RDP)

    It's not working. Maybe I need to create Outbound NAT rules? Which options to choose?

  • This is not going to work as when the packet gets to, it has a different route back to the original source. The only way to do this is if you can do a double transform. I use Linux iptables for this sort of thing as it has source and destination NATing. I have not tried this in pfSense, so I don't know if that is going to be possible or not.
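
The double transform described in the reply above (destination NAT plus source NAT), written out as Linux iptables rules. This is an added example, not part of the thread; the interface name and every address are constructed placeholders, and `double_nat_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: DNAT + SNAT ("double transform") for a port forward whose
# target sits behind an IPsec tunnel. All addresses and the interface name
# are constructed placeholders, not values from the thread.
WAN_IF="eth0"                  # assumed name of the WAN interface
PUB_PORT=3393                  # public port used in the thread
RDP_PORT=3389                  # MS RDP
RDP_HOST="192.0.2.10"          # placeholder: RDP host on the remote subnet
GW_LAN_IP="198.51.100.1"       # placeholder: this gateway's address inside the tunnel's local network
ALLOWED_SRC="203.0.113.0/24"   # placeholder: only these clients may use the forward

# Print the rule set, one iptables command per line.
double_nat_rules() {
    # 1. DNAT: rewrite the destination of inbound connections to the remote host.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -s $ALLOWED_SRC -p tcp --dport $PUB_PORT -j DNAT --to-destination $RDP_HOST:$RDP_PORT"
    # 2. SNAT: rewrite the source to the gateway's own address, so the remote
    #    host replies through the tunnel instead of via its default route.
    #    Side effect: the RDP host logs GW_LAN_IP, not the real client address.
    echo "iptables -t nat -A POSTROUTING -d $RDP_HOST -p tcp --dport $RDP_PORT -j SNAT --to-source $GW_LAN_IP"
    # 3. Allow the forwarded connection (restricted by source) and its replies.
    echo "iptables -A FORWARD -i $WAN_IF -s $ALLOWED_SRC -d $RDP_HOST -p tcp --dport $RDP_PORT -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Dry run by default; set APPLY=1 and run as root to install the rules.
if [ "${APPLY:-0}" = "1" ]; then
    double_nat_rules | sh -e
else
    double_nat_rules
fi
```

IP forwarding must be enabled on the gateway, and the SNAT address has to fall inside the tunnel's local network so the rewritten packets match the IPsec policy.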

  • podilarius, thanks for the suggestion.

    On the other side of the IPsec tunnel I have pfSense with WAN = a.b.c.d
    Is it possible to redirect a port from external to external IP like this w.x.y.z:3393 -> a.b.c.d:3393 -> ?
    I tried, but it's not working either.

  • Honestly don't know … Might be possible with a WAN and then a LAN rule. I don't think that is going to work either as it is still going a different route with NAT transforms as well.

