Netgate Discussion Forum

    Redirect a External IP to a Internal IP

    • doktornotor

      @turbogizzmo:

      In summary:

      Question: Can pfSense redirect a LAN request to an external IP back to an internal IP?
      Answer: No, it cannot.

      Actually it can with NAT reflection enabled. (Not that it'd make any more sense regarding the SIP setup.)

      • Derelict

        So we have this:

        LAN Subnet: 192.168.0.0/24

        Host: 192.168.0.100

        Server: 192.168.0.200

        Other IP: 8.8.8.8

        Put the NAT translation as described in https://forum.pfsense.org/index.php?topic=87827.msg483571#msg483571

        LAN ICMP * * 8.8.8.8 N/A 192.168.0.200 N/A  (N/A since it's ICMP)

        Host generates ICMP src 192.168.0.100 dest 8.8.8.8
        pfSense receives packet
        pfSense translates packet to src 192.168.0.100 dest 192.168.0.200
        pfSense sends packet back out LAN interface
        Server receives and sends echo reply src 192.168.0.200 dest 192.168.0.100
        Reply goes directly to Host over LAN, not back through pfSense.

        Am I understanding that right?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
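
The packet walk in the post above, traced in code as an added example (not part of the original posts and not pfSense code). It goes one step beyond the post by also tracing the case where the firewall source-NATs the request to its own LAN address, as hairpin-style NAT does; the pfSense LAN address 192.168.0.1 is an assumption, since the thread does not give it.

```python
from dataclasses import dataclass

HOST, SERVER, OTHER = "192.168.0.100", "192.168.0.200", "8.8.8.8"  # from the post
FW_LAN = "192.168.0.1"  # assumed pfSense LAN address (not given in the thread)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def simulate(source_nat: bool):
    """Trace one echo request/reply; return (path, reply_matches_flow)."""
    path = []
    request = Packet(HOST, OTHER)
    path.append(("host -> pfSense", request))
    # Destination NAT on LAN: 8.8.8.8 -> 192.168.0.200; pfSense records state.
    translated = Packet(FW_LAN if source_nat else request.src, SERVER)
    state = {"orig": request, "xlat": translated}
    path.append(("pfSense -> server", translated))
    # The server answers whatever source address it saw on the request.
    reply = Packet(SERVER, translated.src)
    if reply.dst == FW_LAN:
        path.append(("server -> pfSense", reply))
        # State match: both translations are reversed before delivery.
        reply = Packet(state["orig"].dst, state["orig"].src)
        path.append(("pfSense -> host", reply))
    else:
        # Same subnet: the server reaches the host directly, bypassing pfSense,
        # so the destination translation is never undone.
        path.append(("server -> host (direct)", reply))
    # The host addressed 8.8.8.8, so only a reply sourced from 8.8.8.8
    # matches the flow it opened.
    matches = reply.src == request.dst and reply.dst == request.src
    return path, matches


if __name__ == "__main__":
    for snat in (False, True):
        path, ok = simulate(snat)
        print(f"source NAT on pfSense: {snat}")
        for hop, pkt in path:
            print(f"  {hop:26} src {pkt.src:15} dest {pkt.dst}")
        print(f"  reply matches the host's original flow: {ok}\n")
```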

        • mikeisfly

          This seems overly complicated to me for VoIP. I run two VoIP servers (Cisco Call Manager and FreePBX) here in my lab and have phones deployed from NJ all the way down to VA and roaming phones to FL. I'm not sure how much flexibility you have with your network, but first off your phones should be on a separate network from your data users; that way, if you wanted to, you can do CoS. If your SIP guy put a box on your network then you should create a separate VLAN for the box and your phones and boom, you're done. The phones will get DHCP (which may include TFTP information) and register to your SIP box and you are only responsible for putting the SIP box online.

          The way you are trying to do it, your SIP provider should probably change the config file in your phones to register with the SIP proxy on your LAN instead of with the external address. If they programmed the phones to register with a DNS then you could just do what everyone is suggesting, which is intercept the DNS query and reply with an internal address. This is pretty easy if you have a DNS server on your network. It may be a little harder if you have to download a package with pfSense to do it, but not difficult. Just looked at my pfSense 2.2 box real quick and it has a DNS resolver in there, so this is absolutely doable and it seems to me that you don't even need to install any packages.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.