Author Topic: Specific host routing question  (Read 116 times)

carltont
Specific host routing question
« on: November 28, 2017, 11:57:20 am »
So I've managed to confuse myself totally.

I have the following scenario:

Device with public IP X sends all traffic to public IP address Y which needs to be NATed (through pfsense) to private IP A.

Device with private IP A needs to send all traffic destined for public IP X NATed (through pfsense) as public IP Y to X and only X. 

No other inbound traffic (other than reciprocal traffic in response to private device A making an outbound request (update D/L, etc, etc)) routed/NATed to A.

I don't often need any special rules and my testing so far has been fruitless.

Please Help!

Thanks,
Tracy

johnpoz
Re: Specific host routing question
« Reply #1 on: November 28, 2017, 12:33:05 pm »
So this device at public IP A is not using pfsense as its default gateway I take it..

So you would need to create a route on this device with IP A to use the pfSense IP on the A network as its gateway to get to public IP X. So what OS is this device on IP A running? Commands would be a bit different depending on the OS.

But let's say it's Windows...

route ADD 157.123.45.23 MASK 255.255.255.255 192.168.1.1

Where the 157 is the IP of X, and 192.168.1.1 is the IP of pfsense interface on network A.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

carltont
Re: Specific host routing question
« Reply #2 on: November 29, 2017, 09:53:49 am »
Actually IP address A is a private IP behind the pfSense box. 

Device with public IP X supplies SIP voice traffic to a specific public/routable IP address (in this case public IP address Y).  I need to ensure that only traffic from X going to Y gets through pfSense to the IP PBX at private IP address A.

No other public traffic should be allowed through unless it is in response to an OUTBOUND request from the PBX.

Also, for two-way voice to work, all outbound traffic from private IP address A should appear to come from public IP Y, not the default public IP of the pfSense router with IP address Z (which IS in the same subnet as public IP Y).

Also the PBX is Linux (Red Hat/CentOS/Scientific) based.

Thank You,
Tracy

johnpoz
Re: Specific host routing question
« Reply #3 on: November 29, 2017, 10:01:14 am »
"I need to ensure that only traffic from X going to Y gets through pfSense to the IP PBX at private IP address A."

That would be a simple restriction on your port forward/firewall rule to limit who can access the port forward.

As to having traffic use a different public IP on pfSense - this is a simple policy route and/or outbound NAT setting.
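
The two settings named in Reply #3, written out as raw pf rules of the kind pfSense builds from its port forward and outbound NAT pages. This is an added example, not from either poster; the interface name and every address are constructed placeholders, and the fragment covers only the PBX, not the rest of the LAN.

```conf
# pf.conf sketch (FreeBSD pf, nat/rdr syntax). All values below are
# constructed placeholders from documentation/private ranges.
ext_if   = "em0"             # WAN interface name (assumption)
sip_peer = "203.0.113.10"    # X: the provider's public IP
pub_y    = "198.51.100.20"   # Y: extra public IP held by the firewall on WAN
pbx      = "192.168.1.50"    # A: the PBX on the LAN

# --- Translation (evaluated before filtering) ---

# Outbound: anything the PBX sends leaves as Y, not as the
# firewall's default WAN address Z.
nat on $ext_if inet from $pbx to any -> $pub_y

# Inbound: only packets whose source is X and whose destination is Y
# are rewritten to the PBX. Traffic to Y from any other source is
# never translated, so it never reaches A.
rdr on $ext_if inet from $sip_peer to $pub_y -> $pbx

# --- Filtering ---

# Default deny on WAN, logged so unexpected sources hitting Y show up.
block in log on $ext_if all

# Allow the forwarded flow. The rule sees the post-rdr destination (A),
# and the source is still pinned to X.
pass in quick on $ext_if inet from $sip_peer to $pbx keep state

# PBX-initiated traffic (already rewritten to Y by the nat rule).
# keep state is what lets the replies back in past the block rule.
pass out on $ext_if inet from $pub_y to any keep state
```

The source restriction appears twice on purpose: once on the rdr rule and once on the pass rule, so loosening one of them later does not silently expose the PBX.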