Hi List,

I have multiple sites where several clients (C1...Cn) within the same LAN need to connect to a server (S).

The pfSense box acts as a router (R) at all these sites.
The router IP on the LAN side is the same everywhere.
The server IP varies from site to site, though.

Ex:

Site 1                     Site 2

C1---+                     C1---+
     |                          |
C2---+---R 192.168.0.1     C2---+---R 192.168.0.1
...  |                     ...  |
Cn---+                     Cn---+
     |                          |
 S---+                      S---+
.100                       .200

I would like to avoid having to configure all the clients individually, so I am looking for a way to let pfSense act like a NAT router. Plan: Make the clients think they connect to the server, while in reality, they connect to the pfSense box that forwards the connection to the real server.
Reason: Central, single point of administration per site.

What I tried:

NAT rule:
<rule>
    <source>
        <any/>
    </source>
    <destination>
        <network>opt1ip</network>
        <port>52222</port>
    </destination>
    <protocol>tcp</protocol>
    <target>192.168.0.100</target>
    <local-port>52222</local-port>
    <interface>lan</interface>
    <descr><![CDATA[Internal portforwarding for server access]]></descr>
    <associated-rule-id>nat_5065cd732734e8.45732086</associated-rule-id>
</rule>

Firewall rule:
<rule>
    <id/>
    <type>pass</type>
    <interface>lan</interface>
    <tag/>
    <tagged/>
    <max/>
    <max-src-nodes/>
    <max-src-conn/>
    <max-src-states/>
    <statetimeout/>
    <statetype>keep state</statetype>
    <os/>
    <protocol>tcp</protocol>
    <source>
        <any/>
    </source>
    <destination>
        <address>192.168.0.100</address>
        <port>52222</port>
    </destination>
    <log/>
    <descr><![CDATA[Internal portforwarding for server access]]></descr>
    <associated-rule-id>nat_5065cd732734e8.45732086</associated-rule-id>
</rule>

The firewall rule is on top of the LAN rules list, and I pushed the "apply changes" button.

It does not work, though - I cannot establish a connection to the server by connecting to the same port on the router.

So, I guess I'm doing it wrong, or it isn't possible at all.

Could somebody please enlighten me? :-)

-Stefan
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
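As an added illustration (not from Stefan's post and not the ruleset pfSense itself generates), here is what the translations have to look like at the pf level for a client on the same LAN segment to reach S by connecting to R. Two things stand out against the posted config. First, the port forward's destination is `opt1ip`, the address of the OPT1 interface, while the clients address the LAN side, 192.168.0.1, so the rule cannot match their traffic; the forward has to match the LAN address. Second, a destination-only rewrite on a flat LAN is a hairpin: after the rdr, S still sees the client's real source address, answers the client directly from .100, and the client discards a SYN/ACK from a host it never contacted. The return path therefore also needs a source NAT to the router's LAN address. The interface name `em1`, the macro names and the pre-4.7-style `rdr`/`nat` syntax (what pfSense of that era emits) are assumptions. In the pfSense GUI the equivalent is a port forward on LAN with destination "LAN address", plus either NAT reflection with automatic outbound NAT for reflection enabled (option names vary by version) or a manual outbound NAT rule on LAN for the same destination that translates to the interface address.

```pf
# Added example, not from the original post: pf.conf rendering of the two
# translations a same-subnet port forward needs. Interface name, macro
# names and the old rdr/nat syntax are assumptions.
lan_if   = "em1"
lan_ip   = "192.168.0.1"
lan_net  = "192.168.0.0/24"
srv_ip   = "192.168.0.100"   # per site: .200 at site 2, everything else identical
srv_port = "52222"

# 1. Port forward: clients talk to the router's LAN address and pf rewrites
#    the destination to the real server. The posted rule matched opt1ip,
#    which the LAN clients never address, so it could not fire.
rdr on $lan_if proto tcp from $lan_net to $lan_ip port $srv_port \
    -> $srv_ip port $srv_port

# 2. Hairpin fix: also rewrite the source to the router, so S answers R and
#    the reply is un-translated on the way back to the client. Without this
#    S sends its SYN/ACK straight to the client from .100, the client is
#    waiting for .1, and the handshake never completes.
nat on $lan_if proto tcp from $lan_net to $srv_ip port $srv_port -> $lan_ip

# 3. Filter rule: rdr runs before filtering, so the pass rule sees the
#    translated destination, which is what the posted firewall rule matches.
pass in quick on $lan_if proto tcp from $lan_net to $srv_ip port $srv_port \
    keep state
```

With both translations in place, `pfctl -sn` should list the rdr and the nat rule, and while a client is connecting `pfctl -ss` shows the state being translated to 192.168.0.100:52222. The price of the hairpin is that client-to-server traffic now transits the router in both directions, which is also what makes the single point of administration per site possible.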