Need help with SNAT



  • I am testing a pfSense 2.1.4-R firewall before putting it in production. I'd like to get a port forward working even though it's not my primary firewall/default gateway to the Internet. On other firewalls (ENDIAN), I'd have to set up SNAT for the port forward to work since it's not the default gateway.

    I've spent over an hour trying everything I can think of. I have an entry in the "Port Forward" tab, the "1:1" tab, and the "Outbound" tab.

    Could someone please give me direction on how to do this?

    I'm simply testing to port forward 25 (SMTP) to my Exchange server (172.30.100.5). Which tab(s) do I need to set this up under?

    Network is set up like this:

    EXCHANGE (172.30.100.5)
    ENDIAN Firewall (172.30.100.1/67.80.100.2), default gateway for LAN to Internet
    PFSENSE Firewall (172.30.100.100/67.80.100.3), test firewall



  • I managed to make this work in my test environment. Although I was using pfSense 2.2-ALPHA, I'll bet the same thing works on 2.1.4.
    Create a regular port forward as usual:

    Interface: WAN
    Proto: TCP
    Src addr: *
    Src ports: *
    Dest. addr: WAN address
    Dest. ports: 25
    NAT IP: 172.30.100.5
    NAT Ports: 25 (SMTP)

    Afterwards, go to the tab "Outbound". If you have mode set to Automatic, you need to change it to manual to be able to create a new rule. Not really sure, since I always set it to manual immediately after install, but this change could potentially break things in your test environment somewhat.

    Create a new rule:

    Interface: LAN
    Source: any
    Source Port: tcp/*
    Destination: 172.30.100.5
    Destination Port: tcp/25
    NAT Address: LAN address
    NAT Port: *
    Static Port: NO

    And now it should work.
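
Why the outbound rule is needed, as an added example that is not part of the original posts: a small Python model of the thread's addressing, in which Exchange's default gateway is ENDIAN, so a reply to an Internet source leaves via ENDIAN and never passes back through pfSense's NAT state unless pfSense rewrites the source to its LAN address. The client address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress

# Addresses from the thread; CLIENT is a constructed documentation address.
LAN = ipaddress.ip_network("172.30.100.0/24")
EXCHANGE = ipaddress.ip_address("172.30.100.5")
ENDIAN_LAN = ipaddress.ip_address("172.30.100.1")     # Exchange's default gateway
PFSENSE_LAN = ipaddress.ip_address("172.30.100.100")  # test firewall, LAN side
PFSENSE_WAN = ipaddress.ip_address("67.80.100.3")
CLIENT = ipaddress.ip_address("203.0.113.10")


def port_forward(src, dst, dport):
    """WAN port forward: rewrite destination WAN address:25 -> Exchange:25."""
    if dst == PFSENSE_WAN and dport == 25:
        return src, EXCHANGE
    return src, dst


def outbound_nat_lan(src, dst, dport, enabled):
    """Manual outbound rule on LAN: any -> 172.30.100.5:25, NAT to LAN address."""
    if enabled and dst == EXCHANGE and dport == 25:
        return PFSENSE_LAN, dst
    return src, dst


def reply_next_hop(reply_dst):
    """Exchange's routing: on-link hosts directly, everything else via ENDIAN."""
    return reply_dst if reply_dst in LAN else ENDIAN_LAN


def trace(snat_enabled):
    """Follow one SMTP connection in, then the reply out."""
    src, dst = port_forward(CLIENT, PFSENSE_WAN, 25)
    src, dst = outbound_nat_lan(src, dst, 25, snat_enabled)
    hop = reply_next_hop(src)  # Exchange replies to whatever source it saw
    return {
        "source_seen_by_exchange": str(src),
        "reply_next_hop": str(hop),
        # pfSense holds the NAT state; only it can translate the reply back
        "reply_reaches_pfsense": hop == PFSENSE_LAN,
    }


if __name__ == "__main__":
    for enabled in (False, True):
        print("outbound NAT on LAN:", enabled, trace(enabled))
```

With the outbound rule in place, Exchange sees every forwarded SMTP connection as coming from 172.30.100.100, so logging or filtering on the mail server that is keyed on client IP no longer sees the real sender address.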



  • Thank you, that worked perfectly!