Netgate Discussion Forum

    Outbound Traffic to IP redirect to another IP?

      tkarkache

      Hello all,

      New to pfSense. Have a question concerning outbound NAT.

      I currently have two separate WANs; both are working and I have configured some devices to reroute over the secondary WAN without issue.
      Now I need to figure out exactly how to redirect outbound traffic to a specific external IP address to another external IP address.

      I have a monitoring software package which monitors several devices. The issue is the devices connect inbound on one IP address but only allow inbound traffic on another IP address. So what happens is every time one of these devices connects to my monitoring package it updates the IP address in my database.
      My monitoring package will attempt to connect to that same address, however the device is listening on another IP.

      Example

      I need to reroute all outbound traffic from either a single host or the entire network destined to 10.1.1.1 to 10.2.2.2.
      With my old Linux router I used to use the following:

      iptables -t nat -A PREROUTING -d 10.1.1.1 -p tcp -m tcp -j DNAT --to-destination 10.2.2.2

      Any ideas are appreciated.

      Cheers.
      T.K.

        Waco1

        Are the multiple WANs for failsafe internet access, load balancing, both?

        Have you tried adding a static route to the remote addresses? One that forces the outbound packets through a specific WAN IF? The return packets (assuming session based protocol) will automatically come back via the same IF.

        System->Routing->Routes tab

        I'd try that first for most generic monitoring tasks, but I don't really understand what you're trying to accomplish, or how you're trying to go about it (unicast, multicast, icmp, snmp, etc.)

        You may have to re-think how you do the monitoring e.g., use TCP.

          tkarkache

          Waco,

          What I want to do is redirect all outbound traffic destined to 10.1.1.1 to 10.2.2.2.

          Both are outside of my network. When I want to connect to the remote device I initiate the connection to 10.2.2.2.
          However when the device makes the connection to me it's coming from 10.1.1.1.

          Nothing in the configuration menu seems to look like it would work.

            tkarkache

            Issue Solved:

            Firewall --> NAT - Create Port Forward Rule

            If: WAN
            Proto: ALL
            Src. addr: LAN net
            Src. ports: ALL
            Dest. addr: 10.1.1.1
            Dest. ports: ALL
            NAT IP: 10.2.2.2
            NAT Ports: ALL

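Added example, not part of any post in this thread: a small Python model of what the redirect in the post above does to packets, showing that replies are translated back to the address the client dialed while connections the device opens itself are left untouched. The LAN subnet 192.168.1.0/24, the host 192.168.1.50 and the ports are assumptions; this models the behaviour of a stateful redirect and is not pf or pfSense code.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN subnet (not from the thread)
REDIRECT = {"10.1.1.1": "10.2.2.2"}            # Dest. addr -> NAT IP, as in the post

class Redirector:
    """Toy model of a stateful destination-NAT rule; not pf or netfilter code."""
    def __init__(self):
        self.states = {}  # (client, cport, real_dst, dport) -> address the client dialed

    def outbound(self, pkt):
        """LAN -> outside: rewrite the destination and remember the original."""
        if ipaddress.ip_address(pkt.src) in LAN and pkt.dst in REDIRECT:
            new_dst = REDIRECT[pkt.dst]
            self.states[(pkt.src, pkt.sport, new_dst, pkt.dport)] = pkt.dst
            return Packet(pkt.src, pkt.sport, new_dst, pkt.dport)
        return pkt

    def inbound(self, pkt):
        """Outside -> LAN: restore the dialed address on replies to tracked flows."""
        dialed = self.states.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if dialed is None:
            return pkt  # not a reply to a redirected flow: left untouched
        return Packet(dialed, pkt.sport, pkt.dst, pkt.dport)

def demo():
    fw = Redirector()
    # Constructed packets: monitoring host 192.168.1.50 polls the stored address.
    sent = fw.outbound(Packet("192.168.1.50", 40000, "10.1.1.1", 22))
    # The device answers from the address it actually listens on.
    reply = fw.inbound(Packet("10.2.2.2", 22, "192.168.1.50", 40000))
    # A connection the device opens itself still shows its other address.
    checkin = fw.inbound(Packet("10.1.1.1", 51000, "192.168.1.50", 8443))
    # Traffic to any other destination is not rewritten.
    other = fw.outbound(Packet("192.168.1.50", 40001, "10.9.9.9", 22))
    return sent, reply, checkin, other

if __name__ == "__main__":
    for p in demo():
        print(p)
```

The monitoring host sees the reply as coming from 10.1.1.1, the address it dialed, which is why the stored address in the database keeps working once the redirect is in place.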
              Waco1

              Let me get this straight: you want traffic from systems on your WAN subnet (e.g., /29) to come from their actual IP address, and not the base WAN address? If so, I think that requires separate physical NICs, all connected to the WAN, with /31 addresses.

              Example: 111.1.1.106/29 WAN provides 111.1.1.106 - 111.1.1.111 IP addresses. If you have one pfSense NIC connected to that WAN, with /29 masking, all traffic will appear to come from 111.1.1.106 (the base address). However, you could also connect the WAN to a hub or switch, and provide six NICs configured for 111.1.1.106/31, 111.1.1.107/31, etc. In that case, traffic from the .107 NIC would appear to come from the .107 address.

              There may be another way to do it, but that's the only way I know of.

                SysIT

                Firewall - NAT - outbound NAT

                manual mode

                You assign the internal LAN IP to go out over the Virtual IPs / WAN IPs you have assigned in the system.

                ¸,ø¤°`°¤ø,¸© Poor Planning On Your Part Does Not Constitute An Emergency On My Part ©¸,ø¤°`°¤ø,¸
                ¸,ø¤°`°¤ø,¸© The trouble with life is there’s no background music ©¸,ø¤°`°¤ø,¸
                ¸,ø¤°`°¤ø,¸© Life isnt short, you're just dead for too long©¸,ø¤°`°¤ø,¸

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.