Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to redirect traffic from lan_ip_1:port1 to lan_ip_2:port2?

    NAT
    2
    4
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ioiioi
      last edited by

      here is my topology:

      
                           |
        ext:20.20.20.20:4000 -> 1.1.1.1:4000
                           |
                         firewall
                           | 
                      int:1.1.1.254
                           |
                         switch
                 +---------+---------+
                 |                   | 
       int:1.1.1.1:4000      int:1.1.1.2:3389
                 |                   |
              pfsense             server

      the external firewall had been translate 20.20.20.20:4000 to 1.1.1.1:4000, the problem is, any possible to redirect 1.1.1.1:4000 to 1.1.1.2:3389?

      ps: I don't have authorized to modify external firewall's rules.

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        Destination NAT can parse traffic to one target. If you want to load balance the inbound traffic between 1.1.1.1 and 1.1.1.2, you either insert a load balancer to handle the traffic between the two internal hosts, or you can set up external round-robin DNS with two external IPs bound to the one A record and port forward the two to the respective internal IPs. For example, forward 20.20.20.20:4000 to 1.1.1.1:4000 and 20.20.20.21:4000 to 1.1.1.2:3389. Then create two A records for 'myserver.com' for instance to resolve to both 20.20.20.20 and 20.20.20.21.

        Not sure what you mean by not being authorized to change the external firewall rules. If not you, then who?

        On second reading of your post, you may be suggesting that you want to forward your forwarded traffic directly from 1.1.1.1:4000 to 1.1.1.2:3389. In which case, make 1.1.1.1 a load-balancer and configure it to forward traffic to 1.1.1.2. If I haven't misread your post (and I may have), you may be suggesting that the firewall isn't configurable by you, so you can't change the port-forward rule on it. If that's the case, then this technically isn't a PFsense (or even a firewall) question.

        1 Reply Last reply Reply Quote 0
        • I
          ioiioi
          last edited by

          @muswellhillbilly:

          you may be suggesting that you want to forward your forwarded traffic directly from 1.1.1.1:4000 to 1.1.1.2:3389.
          you may be suggesting that the firewall isn't configurable by you, so you can't change the port-forward rule on it.

          you are right.
          hmm, so I have to find another solution.

          1 Reply Last reply Reply Quote 0
          • I
            ioiioi
            last edited by

            I found a solution: ssh tunnel

            I might ssh into pfsense from outside, so on my laptop

            ssh -N -L 1022:server_lan_ip:22 user@pfsense_wan_ip -p 2022

            pfsense_wan_ip is firewall's external ip, this ip's port 2022 was port forward to pfsense_lan_ip port 22

            then, ssh localhost 1022 will do the tricky.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.