Netgate Discussion Forum

    Need help with SNAT

      PokerMunkee

      I am testing a pfSense 2.1.4-R firewall before putting it in production.  I'd like to get a port forward working even though it's not my primary firewall/default gateway to the Internet.  On other firewalls (ENDIAN), I'd have to set up SNAT for the port forward to work since it's not the default gateway.

      I've spent over an hour trying everything I can think of.  I have an entry in the "Port Forward" tab, the "1:1" tab, and the "Outbound" tab.

      Could someone please give me direction on how to do this?

      I am simply testing to port forward 25 (SMTP) to my Exchange server (172.30.100.5).  Which tab(s) do I need to set this up under?

      Network is set up like this:

      EXCHANGE (172.30.100.5)
      ENDIAN Firewall (172.30.100.1/67.80.100.2), default gateway for LAN to Internet
      PFSENSE Firewall (172.30.100.100/67.80.100.3), test firewall

        vindenesen

        I managed to make this work in my test environment. Although I was using pfSense 2.2-ALPHA, I'll bet the same thing works on 2.1.4.
        Create a regular port forward as usual:

        Interface: WAN
        Proto: TCP
        Src addr: *
        Src ports: *
        Dest. addr: WAN address
        Dest. ports: 25
        NAT IP: 172.30.100.5
        NAT Ports: 25 (SMTP)

        Afterwards, go to the tab "Outbound". If you have mode set to Automatic, you need to change it to manual to be able to create a new rule. Not really sure, since I always set it to manual immediately after install, but this change could potentially break things in your test environment somewhat.

        Create a new rule:

        Interface: LAN
        Source: any
        Source Port: tcp/*
        Destination: 172.30.100.5
        Destination Port: tcp/25
        NAT Address: LAN address
        NAT Port: *
        Static Port: NO

        And now it should work.

        Support the project by buying a Gold Subscription at https://portal.pfsense.org
        Running pfSense on SuperMicro A1SRI-2758F with ESXi 5.5
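
Why the Outbound rule in the answer above is needed, as an added example that is not part of the original posts: a small Python model of the two NAT steps and of the Exchange server's routing decision. The addresses come from the thread; the sender address 203.0.113.10 and all function names are constructed for illustration. Note what `exchange_sees` returns with the rule enabled: the server logs the pfSense LAN address as the peer for every inbound SMTP session, so any IP-based relay or filtering decision on the Exchange side no longer sees the real sender.

```python
import ipaddress

# Addresses from the thread
LAN = ipaddress.ip_network("172.30.100.0/24")
EXCHANGE = "172.30.100.5"
ENDIAN_LAN = "172.30.100.1"      # Exchange's default gateway
PFSENSE_LAN = "172.30.100.100"   # test firewall, LAN side
PFSENSE_WAN = "67.80.100.3"      # test firewall, WAN side
CLIENT = "203.0.113.10"          # constructed sample Internet sender


def next_hop_from_exchange(dst):
    """Exchange's routing: on-link for LAN addresses, else default gateway."""
    return dst if ipaddress.ip_address(dst) in LAN else ENDIAN_LAN


def pfsense_inbound(src, dst, dport, outbound_nat):
    """Apply the WAN port forward, then the optional LAN outbound NAT rule."""
    if dst == PFSENSE_WAN and dport == 25:
        dst = EXCHANGE                      # Port Forward tab: WAN:25 -> 172.30.100.5:25
    if outbound_nat and dst == EXCHANGE and dport == 25:
        src = PFSENSE_LAN                   # Outbound tab: NAT Address = LAN address
    return src, dst


def trace(outbound_nat):
    """Follow one SMTP connection in and the first hop of the reply out."""
    src_seen, dst = pfsense_inbound(CLIENT, PFSENSE_WAN, 25, outbound_nat)
    reply_hop = next_hop_from_exchange(src_seen)
    return {
        "exchange_sees": src_seen,
        "reply_first_hop": reply_hop,
        # The reply only matches pfSense's state table if it goes back to pfSense.
        "returns_via_pfsense": reply_hop == PFSENSE_LAN,
    }


if __name__ == "__main__":
    for enabled in (False, True):
        print("outbound NAT rule:", enabled, trace(enabled))
```

Without the rule the reply leaves through the Endian firewall, which has no state for the connection and would present a different public address to the sender, so the TCP handshake never completes.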

          PokerMunkee

          Thank you, that worked perfectly!
