Hi List,
I have multiple sites where several clients (C1...Cn) within the same
LAN need to connect to a server (S).
The pfSense box acts as a router (R) at all these sites.
The router IP on the LAN side is the same everywhere.
The server IP varies from site to site, though.
Ex:
Site 1                        Site 2
C1---+                        C1---+
     |                             |
C2---+---R 192.168.0.1        C2---+---R 192.168.0.1
...  |                        ...  |
Cn---+                        Cn---+
     |                             |
 S---+                         S---+
.100                          .200
I would like to avoid having to configure all the clients individually,
so I am looking for a way to let pfSense act like a NAT router.
Plan: Make the clients think they connect to the server, while in
reality, they connect to the pfSense box that forwards the connection to
the real server.
Reason: Central, single point of administration per site.
What I tried:
NAT rule:
<rule>
  <source>
    <any/>
  </source>
  <destination>
    <network>opt1ip</network>
    <port>52222</port>
  </destination>
  <protocol>tcp</protocol>
  <target>192.168.0.100</target>
  <local-port>52222</local-port>
  <interface>lan</interface>
  <descr><![CDATA[Internal portforwarding for server access]]></descr>
  <associated-rule-id>nat_5065cd732734e8.45732086</associated-rule-id>
</rule>
Firewall rule:
<rule>
  <id/>
  <type>pass</type>
  <interface>lan</interface>
  <tag/>
  <tagged/>
  <max/>
  <max-src-nodes/>
  <max-src-conn/>
  <max-src-states/>
  <statetimeout/>
  <statetype>keep state</statetype>
  <os/>
  <protocol>tcp</protocol>
  <source>
    <any/>
  </source>
  <destination>
    <address>192.168.0.100</address>
    <port>52222</port>
  </destination>
  <log/>
  <descr><![CDATA[Internal portforwarding for server access]]></descr>
  <associated-rule-id>nat_5065cd732734e8.45732086</associated-rule-id>
</rule>
The firewall rule is on top of the LAN rules list, and I pushed the
"apply changes" button.
It does not work, though - I cannot establish a connection to the server
by connecting to the same port on the router.
So, I guess I'm doing it wrong, or it isn't possible at all.
Could somebody please enlighten me? :-)
-Stefan
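
Added example, not part of the original post: a Python check that a port-forward rule and its linked firewall rule, in the XML form quoted above, agree on link id, interface, protocol, target address and port. The helper names are hypothetical and the sample XML is constructed from the values in the post; the check compares the two rules with each other only and does not evaluate which traffic they match.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two rules from the post, reduced to the compared fields.
NAT_RULE = """<rule>
  <source><any/></source>
  <destination><network>opt1ip</network><port>52222</port></destination>
  <protocol>tcp</protocol>
  <target>192.168.0.100</target>
  <local-port>52222</local-port>
  <interface>lan</interface>
  <associated-rule-id>nat_5065cd732734e8.45732086</associated-rule-id>
</rule>"""

FILTER_RULE = """<rule>
  <type>pass</type>
  <interface>lan</interface>
  <protocol>tcp</protocol>
  <source><any/></source>
  <destination><address>192.168.0.100</address><port>52222</port></destination>
  <associated-rule-id>nat_5065cd732734e8.45732086</associated-rule-id>
</rule>"""


def text(rule, path):
    """Return the stripped text at path, or None if absent or empty."""
    node = rule.find(path)
    return node.text.strip() if node is not None and node.text else None


def check_pair(nat_xml, filter_xml):
    """Hypothetical helper: list mismatches between a NAT rule and its pass rule."""
    nat, flt = ET.fromstring(nat_xml), ET.fromstring(filter_xml)
    pairs = [  # (path in NAT rule, path in filter rule, label)
        ("associated-rule-id", "associated-rule-id", "link id"),
        ("interface", "interface", "interface"),
        ("protocol", "protocol", "protocol"),
        ("target", "destination/address", "NAT target vs. allowed address"),
        ("local-port", "destination/port", "local port vs. allowed port"),
    ]
    problems = [f"{label}: {text(nat, a)!r} != {text(flt, b)!r}"
                for a, b, label in pairs if text(nat, a) != text(flt, b)]
    if text(flt, "type") != "pass":
        problems.append("linked filter rule is not a pass rule")
    return problems


if __name__ == "__main__":
    print(check_pair(NAT_RULE, FILTER_RULE) or "pair is consistent")
```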