    Can pfSense port forward UDP to external address?

      pwnell

      Here is my situation.  I have a client that sends traffic to my pfSense WAN IP on UDP port 3061.  I have a NAT rule on the pfSense firewall that translates this to an internal IP say 192.168.0.10 port 3061.  All works well.  Now the internal IP 192.168.0.10 goes down - hardware failure.  Our cloud company has a backup, but that backup lives at a public IP of say 555.555.555.555 (yeah yeah) outside our network.  Since I have no control over the client sending packets to our pfSense WAN IP, I want to have pfSense receive packets on its WAN IP from that client on UDP port 3061, but forward them to 555.555.555.555:3061.  Replies should obviously be received by pfSense and forwarded back to the client.

      Is this possible?  If so, how?  I am not sure if this falls under routing or NAT so I posted here.

        jimp Rebel Alliance Developer Netgate

        That can work but you have to ensure the traffic comes back to pfSense, which means (typically) that, in addition to the port forward sending traffic to the cloud provider, you must have a rule to do outbound NAT on WAN with a source of ANY and a destination of the cloud server. The cloud server would only see the firewall as the source of the traffic.

        A low TTL on your DNS records and changing DNS on failure to point to the cloud provider may be a better option.

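The packet flow jimp describes, as an added example that is not part of the thread: a toy Python model (not pfSense code) of the port forward with and without the outbound NAT rule. The addresses, the client's source port, and the assumption that the client only accepts replies from the address it sent to are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed documentation addresses; the thread's 555.555.555.555 is a placeholder.
CLIENT = ("198.51.100.7", 40000)  # alarm panel, assumed source port
WAN = ("192.0.2.1", 3061)         # pfSense WAN address
CLOUD = ("203.0.113.10", 3061)    # backup receiver at the cloud provider

@dataclass(frozen=True)
class Packet:
    src: tuple
    dst: tuple

class Firewall:
    """Toy model of NAT on a single WAN: port forward plus optional outbound NAT."""
    def __init__(self, outbound_nat):
        self.outbound_nat = outbound_nat
        self.states = {}        # (translated source, server) -> original client
        self.next_port = 50000  # assumed pool of translated source ports

    def inbound(self, pkt):
        if pkt.dst != WAN:
            return None
        out = replace(pkt, dst=CLOUD)  # port forward: rewrite the destination
        if self.outbound_nat:
            # Outbound NAT on WAN: rewrite the source and remember the mapping.
            nat_src = (WAN[0], self.next_port)
            self.next_port += 1
            self.states[(nat_src, CLOUD)] = pkt.src
            out = replace(out, src=nat_src)
        return out

    def reply(self, pkt):
        # Undo both translations for a reply that matches a recorded state.
        client = self.states.get((pkt.dst, pkt.src))
        return Packet(src=WAN, dst=client) if client else None

def round_trip(outbound_nat):
    """Return (source the server sees, reply reaching the client, accepted?)."""
    fw = Firewall(outbound_nat)
    at_server = fw.inbound(Packet(src=CLIENT, dst=WAN))
    server_reply = Packet(src=CLOUD, dst=at_server.src)
    if server_reply.dst[0] == WAN[0]:
        delivered = fw.reply(server_reply)  # reply returns through pfSense
    else:
        delivered = server_reply            # reply bypasses pfSense entirely
    # Assumption: the client drops replies not sourced from the address it sent to.
    accepted = delivered is not None and delivered.src == WAN
    return at_server.src, delivered, accepted
```

With the outbound NAT rule the server sees only the firewall's address, so its own logs and source-based access controls no longer identify the original client.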
          pwnell

          Thank you for your quick response.  DNS is not an option (in this particular case) as the sender is a Surguard alarm panel and it can only deal with numeric IP addresses.

          I have tested the NAT + Outbound NAT and it worked in a limited nc test.  I will be testing it with UDP traffic next.

            ronniesmonasoutlook.com

            Hi Guys,

            Do you guys know how to do this? Steps?  :(

            I'm new to pfSense and not sure if this can be done. I see this topic is 2+ years old but no solution is mentioned. Can I get some help with the same situation?

            I have a pfSense instance with 1 NIC with, let's say, public IP 1.1.1.1

            I have a web server instance that is not on the local network and is hosted somewhere else with public IP 2.2.2.2

            VPN is not an option on these IPs. I'm trying to configure pfSense so all traffic arriving on ports (80,443,20,21,22) on IP 1.1.1.1 is forwarded to 2.2.2.2 on the same ports.

            I am able to do it with the socat utility using the following command

            socat TCP-LISTEN:80,fork TCP:2.2.2.2:80

            but it's a small utility and no proper daemon/service is available for it. The only other option is iptables but I really like the pfSense GUI and I can use it for VPN as well.

            Can someone please help?
