How to redirect traffic from lan_ip_1:port1 to lan_ip_2:port2?
Here is my topology:

                      |
                      | ext:22.214.171.124:4000 -> 126.96.36.199:4000
                   firewall
                      | int:188.8.131.52
                    switch
            +---------+---------+
            |                   |
int:184.108.40.206:4000   int:220.127.116.11:3389
            |                   |
         pfsense             server

The external firewall has been set to translate 18.104.22.168:4000 to 22.214.171.124:4000. The problem is: is it possible to redirect 126.96.36.199:4000 to 188.8.131.52:3389?
PS: I am not authorized to modify the external firewall's rules.
Destination NAT can parse traffic to one target. If you want to load balance the inbound traffic between 184.108.40.206 and 220.127.116.11, you either insert a load balancer to handle the traffic between the two internal hosts, or you can set up external round-robin DNS with two external IPs bound to the one A record and port forward the two to the respective internal IPs. For example, forward 18.104.22.168:4000 to 22.214.171.124:4000 and 126.96.36.199:4000 to 188.8.131.52:3389. Then create two A records for 'myserver.com' for instance to resolve to both 184.108.40.206 and 220.127.116.11.
Not sure what you mean by not being authorized to change the external firewall rules. If not you, then who?
On second reading of your post, you may be suggesting that you want to forward your forwarded traffic directly from 18.104.22.168:4000 to 22.214.171.124:3389. In which case, make 126.96.36.199 a load-balancer and configure it to forward traffic to 188.8.131.52. If I haven't misread your post (and I may have), you may be suggesting that the firewall isn't configurable by you, so you can't change the port-forward rule on it. If that's the case, then this technically isn't a pfSense (or even a firewall) question.
you may be suggesting that you want to forward your forwarded traffic directly from 184.108.40.206:4000 to 220.127.116.11:3389.
you may be suggesting that the firewall isn't configurable by you, so you can't change the port-forward rule on it.
You are right.
Hmm, so I have to find another solution.
I found a solution: an SSH tunnel.
I might ssh into pfsense from outside, so on my laptop:
ssh -N -L 1022:server_lan_ip:22 user@pfsense_wan_ip -p 2022
pfsense_wan_ip is the firewall's external IP; port 2022 on this IP was port-forwarded to pfsense_lan_ip port 22.
Then, ssh -p 1022 localhost will do the trick.
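
The tunnel from the post above, written as a client-side ~/.ssh/config entry together with a key restriction on the pfSense side that limits the key to this one forward. This is an added example, not part of the original thread; the aliases pfsense-tunnel and server-via-tunnel and the key line are assumptions, and pfsense_wan_ip, server_lan_ip and user are the placeholders used in the post.

```sshconfig
# --- ~/.ssh/config on the laptop (aliases are hypothetical) ---
Host pfsense-tunnel
    HostName pfsense_wan_ip
    Port 2022
    User user
    # Bind the listener to loopback explicitly so other machines on the
    # laptop's network cannot reach the forwarded port.
    LocalForward 127.0.0.1:1022 server_lan_ip:22
    # Exit instead of staying connected when the forward cannot be set up
    # (for example, when port 1022 is already in use).
    ExitOnForwardFailure yes
    # Detect a dead tunnel within about 90 seconds.
    ServerAliveInterval 30
    ServerAliveCountMax 3

Host server-via-tunnel
    HostName 127.0.0.1
    Port 1022
    # Store and check the server's host key under its own name rather than
    # under [127.0.0.1]:1022, which another tunnel could reuse later.
    HostKeyAlias server_lan_ip

# Usage: run "ssh -N pfsense-tunnel" in one terminal,
# then "ssh server-via-tunnel" in another.

# --- ~/.ssh/authorized_keys for "user" on pfSense ---
# "restrict" turns off every optional feature (pty, agent and X11
# forwarding, port forwarding); "port-forwarding" turns forwarding back on,
# and "permitopen" limits it to the one destination. No name lookup is done
# on permitopen, so the string must match the LocalForward destination
# exactly. The key material below is a placeholder.
restrict,port-forwarding,permitopen="server_lan_ip:22" ssh-ed25519 AAAA...PLACEHOLDER laptop-tunnel-key
```

With the key restricted this way, a login with that key can carry only the forward to server_lan_ip:22, which narrows what the Internet-facing port 2022 exposes if the key is ever copied.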