Route/NAT incoming to other firewall's public ip

  • In short: incoming traffic from the internet on WAN is to be redirected to a server in another datacenter.
    The reason for this is that we are moving a bunch of web servers to a new datacenter. We want to test everything before changing the DNS records, for a very fast fallback possibility. We are not allowed to set the TTL below 3600.

    Datacenter 1 (old): All equipment under our control
    pfSense 2.1
    5 public IPs on WAN, 4 of them virtual.
    Primary WAN IP:
    Virtual IP for webserver1 (ws1): (this is the one we've tested with).
    Web servers running business-critical applications on port 443, OPT interface private subnet.
    NAT rules to each web server.

    Datacenter 2 (new): Only the servers are controlled by us, no access to the firewall.
    Firewall: Juniper or Fortinet.
    Web servers running a copy of our business-critical applications on port 443, private subnet.
    5 public IPs on WAN.
    NAT rules to each web server.
    Public IP to webserver1-new (ws1-n):

    I tried adding a NAT rule on the pfSense WAN with "Redirect target IP" set to the ws1-n public IP.
    Now from a laptop I go to the ws1 virtual IP.
    It seems the traffic actually hit ws1-n; its logs showed it received the request and replied.
    But nothing comes back to the laptop.

    Am I doing this wrong? Or have I missed something? I'm thinking it's a NAT issue, but I'm not sure.

  • Check the source. You probably have a routing issue resulting from not NATting the original connection. Just a guess though. I would perhaps try a 1:1 NAT instead. Then again, I have never tried something like that with pfSense.

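The failure the reply guesses at is asymmetric return: with only a port forward, ws1-n sees the laptop's real source address and answers it directly through Datacenter 2's firewall, so the laptop receives a reply from ws1-n's public IP for a connection it opened to the ws1 virtual IP and discards it. The pf rules below are an added example, not from the thread or from pfSense's generated config; the interface name and the 203.0.113.0/24 and 198.51.100.0/24 addresses are placeholders standing in for the WAN interface, the ws1 virtual IP and the ws1-n public IP (pfSense 2.1 expresses the second rule as a manual Outbound NAT entry on WAN for destination ws1-n).

```pf
# Assumed names (placeholders, not the poster's real values)
wan_if   = "em0"
ws1_vip  = "203.0.113.10"   # virtual IP on the old pfSense WAN that clients still resolve to
ws1n_pub = "198.51.100.20"  # public IP of webserver1-new behind the other datacenter's firewall

# Step 1: the port forward the poster already has ("Redirect target IP").
# Inbound on WAN, rewrite the destination from the ws1 VIP to ws1-n.
rdr on $wan_if proto tcp from any to $ws1_vip port 443 -> $ws1n_pub port 443

# Step 2: the missing piece. pf evaluates rdr before nat, so this matches the
# already-redirected flow as it leaves WAN again toward ws1-n. Rewriting the
# source to the WAN address forces ws1-n's reply back through this pfSense,
# which un-NATs both directions and the laptop sees a reply from $ws1_vip.
# Trade-off: ws1-n's logs now show the pfSense WAN address, not the client.
nat on $wan_if proto tcp from any to $ws1n_pub port 443 -> ($wan_if)

# Step 3: allow the redirected traffic (pfSense adds these for the port forward).
pass in quick on $wan_if proto tcp from any to $ws1n_pub port 443 keep state
pass out quick on $wan_if proto tcp from any to $ws1n_pub port 443 keep state
```

Verify on the pfSense box with `pfctl -ss | grep 198.51.100.20` (substituting the real ws1-n address) while testing from the laptop: a working setup shows two state entries per connection, one for the inbound redirected half and one for the source-NATted outbound half.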