Redirect port from WAN to the host on a different subnet connected via IPsec
-
Hello!
WAN = w.x.y.z
LAN = 172.16.34.1/24
Also there is another subnet 172.16.32.0/24 connected via IPsec.
I need to redirect a port like this: w.x.y.z:3393 -> 172.16.32.5:3389
So I created a NAT rule:
WAN TCP * * WAN address 3393 172.16.32.5 3389 (MS RDP)
It's not working. Maybe I need to create Outbound NAT rules? Which options to choose?
-
This is not going to work as when the packet gets to 172.16.32.5, it has a different route back to the original source. The only way to do this is if you can do a double transform. I use Linux iptables for this sort of thing as it has source and destination NATing. I have not tried this in pfSense, so I don't know if that is going to be possible or not.
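An added example, not part of the original post: a small Python model of the return path described above, with and without the second (source) transform. The public addresses are constructed placeholders for w.x.y.z and a.b.c.d, and the model assumes the remote site sends only 172.16.34.0/24 back through the tunnel and everything else out its own WAN with outbound NAT.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses: the thread masks the public IPs, so
# documentation-range placeholders stand in for them.
CLIENT = "198.51.100.7"       # Internet host opening the RDP session (constructed)
WAN_LOCAL = "203.0.113.10"    # stands in for w.x.y.z
WAN_REMOTE = "203.0.113.20"   # stands in for a.b.c.d
LAN_GW = "172.16.34.1"        # local firewall's LAN address (from the thread)
TARGET = "172.16.32.5"        # RDP host behind the tunnel (from the thread)
LOCAL_NET = ip_network("172.16.34.0/24")

def forward(snat):
    """Local firewall: DNAT WAN:3393 -> TARGET:3389, optionally SNAT as well."""
    pkt = {"src": CLIENT, "sport": 50000, "dst": WAN_LOCAL, "dport": 3393}
    state = dict(pkt)                     # connection-tracking entry: original tuple
    pkt.update(dst=TARGET, dport=3389)    # destination NAT (the port forward)
    if snat:
        pkt.update(src=LAN_GW)            # source NAT (the second transform)
    return pkt, state

def reply_path(snat):
    """Trace the reply from TARGET; return (route, source seen by client, accepted)."""
    pkt, state = forward(snat)
    reply = {"src": pkt["dst"], "sport": pkt["dport"],
             "dst": pkt["src"], "dport": pkt["sport"]}
    # Assumption: only LOCAL_NET is routed into the tunnel at the remote site.
    if ip_address(reply["dst"]) in LOCAL_NET:
        # Back at the local firewall, the state entry reverses both transforms.
        reply.update(src=state["dst"], sport=state["dport"],
                     dst=state["src"], dport=state["sport"])
        via = "ipsec"
    else:
        reply.update(src=WAN_REMOTE)      # leaves via the remote WAN, NATed there
        via = "remote-wan"
    # The client only accepts a reply from the address and port it dialed.
    accepted = (reply["src"], reply["sport"]) == (WAN_LOCAL, 3393)
    return via, reply["src"], accepted

if __name__ == "__main__":
    print("DNAT only  :", reply_path(snat=False))
    print("DNAT + SNAT:", reply_path(snat=True))
```
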
-
podilarius, thanks for the suggestion.
On the other side of the IPsec tunnel I have pfSense with WAN = a.b.c.d
Is it possible to redirect a port from external to external IP like this: w.x.y.z:3393 -> a.b.c.d:3393 -> 172.16.32.5:3389?
I tried, but it's not working either.
-
Honestly don't know … Might be possible with a WAN and then a LAN rule. I don't think that is going to work either as it is still going a different route with NAT transforms as well.