Netgate Discussion Forum

Route/NAT incoming to other firewall's public ip

pingulino:

In short: incoming traffic from the internet on WAN is to be redirected to a server in another datacenter.
The reason for this is that we are moving a bunch of webservers to a new datacenter. We want to test everything before changing the DNS records, to keep a very fast fallback possibility. We are not allowed to set the TTL below 3600.

Setup:
Datacenter 1 (old): all equipment under our control.
pfSense 2.1
5 public IPs on WAN, 4 of them virtual.
Primary WAN IP: 66.1.2.3
Virtual IP for webserver1 (ws1): 77.1.2.3 (this is the one we've tested with).
Web servers running business-critical applications on port 443, OPT interface, private subnet.
NAT rules to each webserver.

Datacenter 2 (new): only the servers are controlled by us, no access to the firewall.
Firewall: Juniper or Fortinet.
Web servers running a copy of our business-critical applications on port 443, private subnet.
5 public IPs on WAN.
NAT rules to each webserver.
Public IP to webserver1-new (ws1-n): 88.1.2.3

I tried adding a NAT rule on the pfSense WAN with "Redirect target IP" 88.1.2.3.
Now from a laptop I go to https://77.1.2.3
It seems the traffic actually hit ws1-n; the logs showed it received and replied.
But nothing comes back to the laptop.

Am I doing this wrong? Or have I missed something? I'm thinking it's a NAT issue, but I'm not sure.

podilarius:

Check the source. You probably have a routing issue resulting from not NATting the original connection. Just a guess though. I would perhaps try a 1:1 NAT instead. Then again, I have never tried something like that with pfSense.

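The symptom in the question (ws1-n logs the request and answers, the laptop never sees the reply) is what an asymmetric return path looks like, and podilarius's guess about the un-NATted source is the usual cause. The following model is an added illustration, not pfSense code or anything from the thread: it walks one TCP request through the port forward with and without outbound source NAT and records where the reply is delivered. The laptop address 203.0.113.10 and the port numbers are constructed; the 66/77/88 addresses are the ones from the post.

```python
from dataclasses import dataclass
from typing import Optional

# Addresses from the post; LAPTOP is a constructed client address.
LAPTOP = "203.0.113.10"
PF_WAN = "66.1.2.3"   # pfSense primary WAN address (datacenter 1)
VIP = "77.1.2.3"      # virtual IP that carries the port forward
WS1N = "88.1.2.3"     # public IP of ws1-n behind the datacenter 2 firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Packet":
        """A server's answer simply swaps the two endpoints."""
        return Packet(self.dst, self.dport, self.src, self.sport)


class PfSense:
    """Tiny model of the datacenter 1 edge: one port forward (DNAT) for
    77.1.2.3:443 -> 88.1.2.3:443, plus an optional outbound source NAT that
    rewrites the client address to the firewall's own WAN address."""

    def __init__(self, source_nat: bool) -> None:
        self.source_nat = source_nat
        self.next_port = 40000
        # State table keyed by the 4-tuple we expect the *reply* to carry.
        self.states: dict[tuple, Packet] = {}

    def forward(self, pkt: Packet) -> Optional[Packet]:
        if (pkt.dst, pkt.dport) != (VIP, 443):
            return None
        src, sport = pkt.src, pkt.sport
        if self.source_nat:
            src, sport = PF_WAN, self.next_port
            self.next_port += 1
        out = Packet(src, sport, WS1N, 443)
        self.states[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def untranslate(self, pkt: Packet) -> Optional[Packet]:
        """Reverse both translations for a reply that matches a state entry."""
        orig = self.states.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return orig.reply() if orig else None


def owner(addr: str) -> str:
    """Who the internet delivers a packet to, decided by destination address."""
    return {LAPTOP: "laptop", PF_WAN: "pfsense", VIP: "pfsense", WS1N: "ws1-n"}[addr]


def simulate(source_nat: bool) -> dict:
    fw = PfSense(source_nat)
    request = Packet(LAPTOP, 51000, VIP, 443)   # laptop opens https://77.1.2.3
    expected_reply = request.reply()            # the only 4-tuple the laptop's TCP stack accepts

    forwarded = fw.forward(request)
    server_saw = forwarded is not None and owner(forwarded.dst) == "ws1-n"
    reply = forwarded.reply()                   # ws1-n answers whatever it saw as the source
    reply_path = [owner(reply.dst)]

    if reply_path[-1] == "pfsense":
        reply = fw.untranslate(reply)           # state table maps it back to the laptop
        reply_path.append(owner(reply.dst))

    accepted = reply_path[-1] == "laptop" and reply == expected_reply
    return {"server_saw_request": server_saw,
            "reply_source": reply.src,
            "reply_path": reply_path,
            "laptop_accepted": accepted}


if __name__ == "__main__":
    for mode in (False, True):
        print("outbound source NAT" if mode else "port forward only", simulate(mode))
```

Without source NAT the reply is addressed straight to the laptop from 88.1.2.3; the laptop has a connection to 77.1.2.3, not 88.1.2.3, so the packet does not match any socket and is discarded, which is exactly "received and replied, but nothing comes back". With the source translated to 66.1.2.3, ws1-n answers the pfSense WAN address, the state entry reverses both translations, and the reply arrives from 77.1.2.3 as the laptop expects. The practical cost is that ws1-n then sees every client as 66.1.2.3, so its access logs and any per-source rate limiting on the datacenter 2 firewall lose the real client address for the duration of the test.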
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.