Netgate Discussion Forum

    Destination NAT

    2.2 Snapshot Feedback and Problems - RETIRED

    • Rhongomiant

      Greetings,

      I know I can do this at a protocol and protocol/port level using port forwarding, but I don't see the ability to create a 1:1 destination NAT. Maybe I am missing the option, but I only have a production system on which I can test this currently, so I would like some confirmation before I try this. Below I explain what I am looking to do.

      When traffic from 192.168.1.x is sent to 10.0.0.x, translate 10.0.0.x to 192.168.200.x and consequently when traffic from 192.168.200.x is sent to 192.168.1.x, translate 192.168.200.x to 10.0.0.x.

      Additionally I would love to have this option (destination) as a directional NAT as well. pfSense has this in the form of outbound NAT, but I believe it will only translate the source, not the destination.

      Hopefully someone can provide some insight in relation to the pf options here, what of those pfSense already allows and if there is anything missing, hopefully we can get these options on the development road map.

      Thanks,

      Rhongomiant

      • jimp Rebel Alliance Developer Netgate

        To translate the destination, use port forwards or 1:1 NAT on LAN (with 10.0.0.x as "external", 192.168.200.x as "internal").

        • Rhongomiant

          jimp,

          Thanks for that. My brain was getting confused with the terminology rather than looking at what is happening when these settings are set and applying the correct perspective. I have confirmed that this works.

          Am I correct in my assumption that in a 1:1 rule the IP or subnet entered in the "Destination" section is really source or destination depending on what end initiates the connection? Therefore if I only want this rule to apply when traffic is to or from 172.21.0.0/24, I would enter 172.21.0.0/24 in the "Destination" section, correct?

          Now is there a way to create a directional NAT to do the same without being limited to specific ports and protocols?

          Thanks,

          Rhongomiant
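
Added example, not part of the thread and not pfSense's own code: a simplified Python model of how a pf `binat` (1:1) rule treats the first packet in each direction, using the subnets from the first post. The /24 masks, the 192.168.1.0/24 peer restriction and all function names are assumptions made for this sketch.

```python
import ipaddress

# Subnets are from the thread; the /24 masks and the peer restriction
# (the 1:1 rule's "Destination" field) are assumptions for this sketch.
INTERNAL = ipaddress.ip_network("192.168.200.0/24")  # real hosts
EXTERNAL = ipaddress.ip_network("10.0.0.0/24")       # alias the clients use
PEER = ipaddress.ip_network("192.168.1.0/24")        # restricts the rule


def remap(addr, src_net, dst_net):
    """Swap the network part and keep the host part (this is the 1:1)."""
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)


def binat(src, dst, direction):
    """Model the first packet of a connection crossing the NAT interface.

    direction is "in" (arrives on the interface) or "out" (leaves through
    it). Returns the (src, dst) pair after translation. Replies are not
    modelled: in pf they follow the state created by the first packet.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in" and dst in EXTERNAL and src in PEER:
        # Peer-initiated: the destination is rewritten to the internal host.
        dst = remap(dst, EXTERNAL, INTERNAL)
    elif direction == "out" and src in INTERNAL and dst in PEER:
        # Internal-initiated: the source is rewritten to the external alias.
        src = remap(src, INTERNAL, EXTERNAL)
    return str(src), str(dst)


if __name__ == "__main__":
    # Constructed sample packets.
    samples = [
        ("192.168.1.10", "10.0.0.25", "in"),        # client -> alias
        ("192.168.200.25", "192.168.1.10", "out"),  # host -> client
        ("172.16.0.5", "10.0.0.25", "in"),          # peer outside the rule
    ]
    for src, dst, direction in samples:
        print(direction, (src, dst), "->", binat(src, dst, direction))
```

The same peer subnet is checked against the source of inbound packets and the destination of outbound packets, which is the model's view of why one "Destination" entry covers both initiating ends.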
