    I know I can do this at a protocol and protocol/port level using port forwarding, but I don't see the ability to create a 1:1 destination NAT. Maybe I am missing the option, but I only have a production system on which I can test this currently, so I would like some confirmation before I try this. Below I explain what I am looking to do.

    When traffic from 192.168.1.x is sent to 10.0.0.x, translate 10.0.0.x to 192.168.200.x and consequently when traffic from 192.168.200.x is sent to 192.168.1.x, translate 192.168.200.x to 10.0.0.x.

    Additionally I would love to have this option (destination) as a directional NAT as well. pfSense has this in the form of outbound NAT, but I believe it will only translate the source, not the destination.

    Hopefully someone can provide some insight in relation to the pf options here, what of those pfSense already allows and if there is anything missing, hopefully we can get these options on the development road map.



  • Rebel Alliance Developer Netgate

    To translate the destination, use port forwards or 1:1 NAT on LAN (with 10.0.0.x as "external", 192.168.200.x as "internal")

  • jimp,

    Thanks for that. My brain was getting confused with the terminology rather than looking at what is happening when these settings are set and applying the correct perspective. I have confirmed that this works.

    Am I correct in my assumption that in a 1:1 rule the IP or subnet entered in the "Destination" section is really source or destination depending on what end initiates the connection? Therefore if I only want this rule to apply when traffic is to or from, I would enter in the "Destination" section, correct?

    Now is there a way to create a directional NAT to do the same without being limited to specific ports and protocols?
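The 1:1 mapping discussed in this thread, as an added Python model that is not part of the original posts and is not pfSense or pf code. It assumes /24 masks for the three subnets (the thread only writes "x") and assumes the rule's "Destination" field is set to 192.168.1.0/24 and matches the remote peer in both directions; `translate` and `_remap` are hypothetical names.

```python
import ipaddress

# Subnets named in the thread; the /24 masks are an assumption.
EXTERNAL = ipaddress.ip_network("10.0.0.0/24")       # 1:1 "external" subnet
INTERNAL = ipaddress.ip_network("192.168.200.0/24")  # 1:1 "internal" subnet
PEER = ipaddress.ip_network("192.168.1.0/24")        # assumed "Destination" field


def _remap(addr, from_net, to_net):
    """Swap the network prefix and keep the host bits (the 1:1 part)."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 NAT needs subnets of equal size")
    offset = int(addr) - int(from_net.network_address)
    return to_net.network_address + offset


def translate(src, dst):
    """Return (src, dst) after the modelled rule; unchanged if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Peer initiates toward the external alias: the destination is rewritten.
    if s in PEER and d in EXTERNAL:
        return str(s), str(_remap(d, EXTERNAL, INTERNAL))
    # Internal host initiates toward the peer: the source is rewritten.
    if s in INTERNAL and d in PEER:
        return str(_remap(s, INTERNAL, EXTERNAL)), str(d)
    # Anything else falls outside the rule and passes untranslated.
    return str(s), str(d)


if __name__ == "__main__":
    # Constructed sample flows, not captured traffic.
    flows = [
        ("192.168.1.25", "10.0.0.7"),      # peer -> external alias
        ("192.168.200.7", "192.168.1.25"), # internal host -> peer
        ("172.16.0.5", "10.0.0.7"),        # source outside the peer subnet
        ("192.168.200.7", "8.8.8.8"),      # destination outside the peer subnet
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}  becomes  {'%s -> %s' % translate(src, dst)}")
```

The last two sample flows show what restricting the rule to a peer subnet buys: traffic to or from any other network is left untranslated, so the alias range is not reachable from unintended sources.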