pfSense DNAT and SNAT



  • Hi!

    Good day!

    Can you guys please help me achieve this kind of redirection, or at least guide me on where to start my troubleshooting?

    I have the following setup:
    PFS latest version (2.1-Release)

    WAN IP 10.0.0.1 /24
    LAN IP 10.0.1.254
    GW IP 10.0.0.254
    IP That will hit WAN: 172.16.0.1

    Condition on WAN Interface: If source IP is 172.16.0.1 then redirect to default GW (10.0.0.254).
    else allow inbound to WAN.

    I want to accomplish something like iptables rules.

    -A PREROUTING -s 172.16.0.1 -j DNAT --to-destination 10.0.0.254
    -A POSTROUTING -s 172.16.0.1 -j SNAT --to-source 10.0.0.1

    I have tried putting WAN rule with:

    Protocol: Any | Src: 172.16.0.1 | Port: Any | Dst: Any | Port: Any | GW: Default
    and
    Protocol: Any | Src: 172.16.0.1 | Port: Any | Dst: Any | Port: Any | GW: 10.0.0.254

    Outbound NAT
    Interface: WAN | Source: 172.16.0.1 | SPort: Any | Dst: Any | DstPort: Any | NAT Add: WAN Address | NAT Port: Any | Static Port: No

    Still no luck.

    Thanks in advance!

    -Hanep.



  • I don't understand what you're trying to do. Is 172.16.0.1 on the LAN side or a remote address from beyond the gateway on WAN side? What do you mean by redirect?

    If it's coming from the WAN side then I don't see how you can DNAT to the GW address since it has already passed the GW by the time it reaches pfSense.

    The rules on the WAN are only useful if the destination packet is for a host on one of pfSense's other interfaces and pfSense is performing non-NAT routing from WAN to LAN.

    The Manual Outbound NAT rules on WAN are also applicable for traffic originating from another interface and leaving through WAN.

    I believe you should be creating the DNAT rules on the GW host, not on pfSense.

