    Can pfSense port forward UDP to external address?

      pwnell last edited by

      Here is my situation.  I have a client that sends traffic to my pfSense WAN IP on UDP port 3061.  I have a NAT rule on the pfSense firewall that translates this to an internal IP say 192.168.0.10 port 3061.  All works well.  Now the internal IP 192.168.0.10 goes down - hardware failure.  Our cloud company has a backup, but that backup lives at a public IP of say 555.555.555.555 (yeah yeah) outside our network.  Since I have no control over the client sending packets to our pfSense WAN IP, I want to have pfSense receive packets on its WAN IP from that client on UDP port 3061, but forward them to 555.555.555.555:3061.  Replies should be obviously received by pfSense and forwarded back to the client.

      Is this possible?  If so, how?  I am not sure if this falls under routing or NAT so I posted here.

        jimp Rebel Alliance Developer Netgate last edited by

        That can work but you have to ensure the traffic comes back to pfSense, which means (typically) that, in addition to the port forward sending traffic to the cloud provider, you must have a rule to do outbound NAT on WAN with a source of ANY and a destination of the cloud server. The cloud server would only see the firewall as the source of the traffic.

        A low TTL on your DNS records and changing DNS on failure to point to the cloud provider may be a better option.

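The two rules described in the reply above, written as the pf translation and filter rules that sit underneath pfSense. This is an added example, not part of the original posts and not pfSense's generated ruleset; the interface name `em0` and the address `203.0.113.10` are constructed placeholders for the WAN interface and the cloud server.

```pf
# Constructed placeholders (not from the thread)
wan_if    = "em0"            # WAN interface of the firewall
cloud_srv = "203.0.113.10"   # public IP of the cloud backup server

# Outbound NAT on WAN: source ANY, destination the cloud server.
# The forwarded packet leaves with the firewall's WAN address as its source,
# so the cloud server replies to the firewall and not directly to the client.
nat on $wan_if inet proto udp from any to $cloud_srv port 3061 -> ($wan_if)

# Port forward: UDP 3061 arriving on the WAN address is sent to the cloud server.
rdr on $wan_if inet proto udp from any to ($wan_if) port 3061 -> $cloud_srv port 3061

# Filter rules see the translated destination. The states they create carry
# the address mappings, so replies from the cloud server are rewritten back
# and returned to the original client.
pass in  quick on $wan_if inet proto udp from any to $cloud_srv port 3061 keep state
pass out quick on $wan_if inet proto udp from any to $cloud_srv port 3061 keep state
```

Because of the outbound NAT rule, logs and source-based access controls on the cloud server show only the firewall's WAN address; the original client address is visible only in the firewall's own state table and logs.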
          pwnell last edited by

          Thank you for your quick response.  DNS is not an option (in this particular case) as the sender is a Surguard alarm panel and it can only deal with numeric IP addresses.

          I have tested the NAT + Outbound NAT and it worked in a limited nc test.  I will be testing it with UDP traffic next.

            ronniesmonasoutlook.com last edited by

            Hi Guys,

            Do you guys know how to do this? Steps?  :(

            I'm new to pfSense and not sure if this can be done. I see this topic is 2+ years old but no solution is mentioned. Can I get some help in the same situation?

            I have a pfSense instance with 1 NIC with let's say Public IP is 1.1.1.1

            I have a web server instance that is not on the local network and is hosted somewhere else with public IP 2.2.2.2

            VPN is not an option on these IPs. I'm trying to configure pfsense so all traffic arriving on ports (80,443,20,21,22) on IP 1.1.1.1 is forwarded to 2.2.2.2 on the same ports.

            I am able to do it with SOCAT utility using the following command

            socat TCP-LISTEN:80,fork TCP:2.2.2.2:80

            but it's a small utility and no proper daemon/service is available for it. The only other option is iptables but I really like the pfSense GUI and I can use it for VPN as well.

            Can someone please help?
