Netgate Discussion Forum

    PFSense DNAT and SNAT

    2 Posts 2 Posters 7.8k Views
      hanep

      Hi!

      Good day!

      Can you guys please help me with how to achieve this kind of redirection, or at least guide me on where to start my troubleshooting?

      I have the following setup:
      PFS latest version (2.1-Release)

      WAN IP 10.0.0.1 /24
      LAN IP 10.0.1.254
      GW IP 10.0.0.254
      IP That will hit WAN: 172.16.0.1

      Condition on WAN interface: if the source IP is 172.16.0.1, then redirect to the default GW (10.0.0.254);
      else allow inbound to WAN.

      I want to accomplish something like these iptables rules:

      -A PREROUTING -s 172.16.0.1 -j DNAT --to-destination 10.0.0.254
      -A POSTROUTING -s 172.16.0.1 -j SNAT --to-source 10.0.0.1

      I have tried putting a WAN rule with:

      Protocol: Any | Src: 172.16.0.1 | Port: Any | Dst: Any | Port: Any | GW: Default
      and
      Protocol: Any | Src: 172.16.0.1 | Port: Any | Dst: Any | Port: Any | GW: 10.0.0.254

      Outbound NAT
      Interface: WAN | Source: 172.16.0.1 | SPort: Any | Dst: Any | DstPort: Any | NAT Add: WAN Address | NAT Port: Any | Static Port: No

      Still no luck.

      Thanks in advance!

      -Hanep.
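
As an added illustration (not part of the original post, and not pfSense or netfilter code), this Python model traces what the two iptables rules quoted above do to a packet and to its reply. It assumes the rules live in the nat table and tracks flows by address pair only; `Packet` and `NatBox` are hypothetical names.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


# Addresses taken from the post above.
CLIENT, WAN_IP, GATEWAY = "172.16.0.1", "10.0.0.1", "10.0.0.254"


class NatBox:
    """Minimal model of a NAT box with connection tracking (no ports)."""

    def __init__(self):
        # Maps the (src, dst) a reply will carry to the original packet.
        self.conntrack = {}

    def forward(self, pkt):
        """Apply both rules to the first packet of a flow."""
        out = pkt
        # -A PREROUTING -s 172.16.0.1 -j DNAT --to-destination 10.0.0.254
        if out.src == CLIENT:
            out = replace(out, dst=GATEWAY)
        # -A POSTROUTING -s 172.16.0.1 -j SNAT --to-source 10.0.0.1
        # (DNAT did not touch the source, so the -s match still applies.)
        if out.src == CLIENT:
            out = replace(out, src=WAN_IP)
        if out != pkt:
            # Remember how to undo both rewrites in the reply direction.
            self.conntrack[(out.dst, out.src)] = pkt
        return out

    def reply(self, pkt):
        """Reverse the translation for a reply belonging to a tracked flow."""
        orig = self.conntrack.get((pkt.src, pkt.dst))
        if orig is None:
            return pkt  # untracked traffic is left alone
        return Packet(src=orig.dst, dst=orig.src)


if __name__ == "__main__":
    box = NatBox()
    print(box.forward(Packet(CLIENT, WAN_IP)))   # what the gateway receives
    print(box.reply(Packet(GATEWAY, WAN_IP)))    # what is sent back to the client
```
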

        kathampy

        I don't understand what you're trying to do. Is 172.16.0.1 on the LAN side or a remote address from beyond the gateway on WAN side? What do you mean by redirect?

        If it's coming from the WAN side then I don't see how you can DNAT to the GW address since it has already passed the GW by the time it reaches pfSense.

        The rules on the WAN are only useful if the destination packet is for a host on one of pfSense's other interfaces and pfSense is performing non-NAT routing from WAN to LAN.

        The Manual Outbound NAT rules on WAN are also applicable for traffic originating from another interface and leaving through WAN.

        I believe you should be creating the DNAT rules on the GW host, not on pfSense.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.