OAC Technology asked:
How do I set up NAT on a second gateway router which isn't a default gateway?

Here is my current setup
|----------|
| Router 1 |---|
|----------|   |     |-----|   |--------|
               +-----| Lan |---| Server |
               |     |-----|   |--------|
|----------|   |
| Router 2 |---|
|----------|
I want to be able to send traffic from the internet coming in on Router 2's public IP to the Server's private IP.
Router 2 is a pfSense router and Router 1 is a simple iptables router. I have set up NAT port forwarding on Router 2, but the server is trying to respond to the request via Router 1, because Router 1 is the default router.

How do I hide the IP address that is coming in from the internet so the server will respond through Router 2?
ddiazp:
I don't think NAT is a viable option in your scenario, but perhaps you applied NAT in the wrong place? You should be creating a NAT rule on R2's inside interface. The problem with this is that it will undoubtedly affect other systems using Router 2.

I'd suggest looking at the server's routing table and perhaps making the modifications there if possible.

How many interfaces does your server have?
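One way to express the suggestion above (a NAT rule on Router 2's inside interface, in addition to the existing port forward) in raw pf syntax. This is an added example, not part of the thread and not configuration generated by pfSense itself; the interface names, the server address and the forwarded port are assumptions, and the comments explain why the second rule changes which router the server replies through.

```pf
# Added example pf.conf fragment for Router 2 (pfSense), not from the thread.
# Assumed names: em0 = WAN interface, em1 = LAN interface,
# 192.168.1.50 = the server's private IP. TCP/22 is the assumed forwarded port.
wan_if = "em0"
lan_if = "em1"
server = "192.168.1.50"

# 1. Port forward (destination NAT): inbound TCP/22 on the WAN address -> server.
#    With only this rule the server sees the requester's public source IP and
#    sends its reply toward that IP via its default gateway, i.e. Router 1.
rdr on $wan_if inet proto tcp from any to ($wan_if) port 22 -> $server port 22

# 2. Source NAT on the *inside* (LAN) interface for the forwarded traffic only.
#    The server now sees Router 2's LAN address as the client, so its reply stays
#    on the local subnet and lands on Router 2, which reverses both translations
#    from its state table. The server's routing table needs no change.
#    Restricting the rule to $server port 22 keeps other LAN traffic unaffected.
nat on $lan_if inet proto tcp from any to $server port 22 -> ($lan_if)

# 3. Translation rules only rewrite addresses; a filter rule must still pass the
#    traffic. pf filters after translation, so the destination is already $server.
pass in on $wan_if inet proto tcp from any to $server port 22 flags S/SA keep state
```

In the pfSense web interface the second rule corresponds to an Outbound NAT rule (Firewall > NAT > Outbound, with the mode set to Hybrid or Manual) on the LAN interface, source any, destination the server, translation "Interface address". The trade-off is the one noted above: the server's own logs and any host-based controls on it now record Router 2's LAN address instead of the real client address for these connections, so client identification for those sessions has to come from Router 2's state table or firewall logs. Without the source NAT rule, the symptom is exactly what iptstate or conntrack shows later in this thread: entries that never leave SYN_RECV, because the SYN-ACK leaves through Router 1 and never returns through Router 2.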
OAC Technology (asker):
My server has one interface, both routers are on the same subnet, and the server can access both routers. When someone connects I see it show up in netstat on the server, but since the server attempts to respond to their public IP it goes through the wrong router. Is there a way to make pfSense dynamically keep track of connections and hide the public IP of requesters so the server responds directly to the router?
ASKER CERTIFIED SOLUTION by ddiazp (the solution text is not available on this page)
Thanks ddiazp, I tried that but it doesn't seem to actually be translating. Here's what iptstate returns.

                              IPTables - State Top
Version: 1.4          Sort: SrcIP           s to change sorting
Filters:   Source: <my public ip>
Source                  Destination             Proto   State        TTL
<my public ip>:20415       <server private ip>:22            tcp     SYN_RECV       0:00:53
Can you run wireshark, tcpdump, etc. on the server and see what this request looks like?

What does pfctl -s nat show?

or Diagnose->States?
The server is receiving the request just fine, but it sees the public IP of the requester, and then, due to its routing table, the response gets sent back out using the other router. Because that router is on a different IP address, the requester doesn't listen to the response.