Need help with SNAT
-
I am testing a pfSense 2.1.4-R firewall before putting it in production. I'd like to get a port forward working even though it's not my primary firewall/default gateway to the Internet. On other firewalls (ENDIAN), I'd have to set up SNAT for the port forward to work since it's not the default gateway.
I've spent over an hour trying everything I can think of. I have an entry in the "Port Forward" tab, the "1:1" tab, and the "Outbound" tab.
Could someone please give me direction on how to do this?
I'm simply testing to port forward 25 (SMTP) to my Exchange server (172.30.100.5). Which tab(s) do I need to set this up under?
Network is set up like this:
EXCHANGE (172.30.100.5)
ENDIAN Firewall (172.30.100.1/67.80.100.2), default gateway for LAN to Internet
PFSENSE Firewall (172.30.100.100/67.80.100.3), test firewall
-
I managed to make this work in my test environment. Although I was using pfSense 2.2-ALPHA, I'll bet the same thing works on 2.1.4.
Create a regular port forward as usual:
Interface: WAN
Proto: TCP
Src addr: *
Src ports: *
Dest. addr: WAN address
Dest. ports: 25
NAT IP: 172.30.100.5
NAT Ports: 25 (SMTP)
Afterwards, go to the tab "Outbound". If you have mode set to Automatic, you need to change it to manual to be able to create a new rule. Not really sure, since I always set it to manual immediately after install, but this change could potentially break things in your test environment somewhat.
Create a new rule:
Interface: LAN
Source: any
Source Port: tcp/*
Destination: 172.30.100.5
Destination Port: tcp/25
NAT Address: LAN address
NAT Port: *
Static Port: NO
And now it should work.
-
Thank you, that worked perfectly!
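Why the Outbound rule on LAN is needed, as an added example that is not part of the original thread and is not pfSense code: a small model of the SMTP round trip with and without the rule. The client address 203.0.113.10 and the assumption that the default gateway drops a reply it has no state for are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses from the thread; CLIENT is a constructed external sender.
LAN = ip_network("172.30.100.0/24")
EXCHANGE = "172.30.100.5"
PFSENSE_LAN, PFSENSE_WAN = "172.30.100.100", "67.80.100.3"
CLIENT = "203.0.113.10"

def smtp_round_trip(outbound_nat_on_lan):
    """Trace one forwarded connection and the reply Exchange sends back."""
    # 1. Client connects to pfSense WAN:25. The port forward rewrites the
    #    destination to the Exchange server.
    src, dst = CLIENT, EXCHANGE
    # 2. The Outbound rule on LAN (if present) rewrites the source to the
    #    pfSense LAN address before the packet leaves towards Exchange.
    if outbound_nat_on_lan:
        src = PFSENSE_LAN
    exchange_sees_src = src
    # 3. Exchange answers whatever source it saw, using its routing table:
    #    on-link addresses directly, everything else via the default gateway.
    reply_dst = src
    if ip_address(reply_dst) in LAN:
        # On-link: the reply returns to pfSense, which holds the state for
        # this flow and reverses both translations.
        reply_via = "pfSense"
        client_sees_src = PFSENSE_WAN
    else:
        # Off-link: the reply goes to ENDIAN, which never saw the SYN.
        # Assumption: a stateful gateway drops the unmatched reply.
        reply_via = "ENDIAN"
        client_sees_src = None
    return {
        "exchange_sees_src": exchange_sees_src,
        "reply_via": reply_via,
        "client_sees_src": client_sees_src,
        # The client only accepts a reply from the address it connected to.
        "connection_works": client_sees_src == PFSENSE_WAN,
    }

if __name__ == "__main__":
    for enabled in (False, True):
        print("Outbound NAT on LAN:", enabled, smtp_round_trip(enabled))
```

With the rule in place, Exchange records every forwarded connection as coming from 172.30.100.100, so source-IP-based controls and logs on the server no longer see the real sender.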