Author Topic: Override or route traffic on a certain port  (Read 115 times)

fireix
Override or route traffic on a certain port
« on: November 09, 2017, 02:16:24 pm »
I have a situation where a client has a fixed VPN address for his server: (he has a pfsense-firewall/DHCP-server that runs OpenVPN directly into his server).

When client visits in browser, he gets his website on LAN. When he uses, he hits his application's service port. This works very well and both kinds of traffic go over VPN, of course.

There are some computers that try to access this same service on public_ip:5000. I want to try to do a quick fix. Is it possible to do this easily?

I have to VPN to their network myself to test, so I can't really test the public_ip:5000 myself easily, I think, but for now, I just tried to go into Outbound NAT on their fw, choose LAN as interface, destination port 5000 and "Port or range" 80. That's it. Now, all traffic going from LAN should be rewritten/changed to port 80 (in my dreams). I would expect to get to their website when I now type (also tried 8081) - same goes for public_ip:5000.

I'm sure there is a logical reason for this... How should I do it? Local LAN is 172.X something.

Maybe my method actually works if I choose WAN-side and access their public_ip from inside LAN? So that it is only not working because I'm going through VPN...

I have Hybrid Outbound NAT activated and this rule is the first one.