I have a multi-site VPN currently running with pfSense boxes and currently using OpenVPN. However, I can change the OS and VPN type if need be.
The main router has a 10.13.0.0/16 subnet and a series of public IPs.
For example, a branch has a 10.12.1.0/24 subnet.
How can I port forward NAT traffic on a public IP of the main router to a server behind the NAT of the second? So for instance port 95 on a public IP assigned to the main router forwards to 10.12.1.102 on the other router.
Is this even possible? Currently my setup works great, but only for internal traffic.
Best Answer
You will use 1:1 NAT to map a public IP to a private IP. Theoretically you can stack multiple layers of 1:1 NAT. For example:
Or if you only want one port to go behind your two routers, the same is possible with simple port forwarding rules. Example:
The pfSense boxes will maintain the session tables and accurately move traffic back and forth through the multiple forwards.
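The session tracking described in the answer, modelled as an added example (not part of the original answer and not pfSense code). The public IP 203.0.113.10, the branch tunnel address 10.99.0.2 and the client address are constructed placeholders; only 10.12.1.102 and port 95 come from the question.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"  # constructed placeholder for the main router's public IP
TUNNEL_IP = "10.99.0.2"     # assumed branch-router address on the VPN tunnel
SERVER_IP = "10.12.1.102"   # server behind the branch router (from the question)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class ForwardingRouter:
    """Port forward (destination NAT) with a per-connection session table."""
    def __init__(self, forwards):
        self.forwards = forwards  # (dst ip, dst port) -> (new ip, new port)
        self.sessions = {}        # reply-side 4-tuple -> original (dst ip, dst port)

    def inbound(self, p):
        target = self.forwards.get((p.dst, p.dport))
        if target is None:
            return None           # no forward rule matches: packet is dropped
        # Remember what the reply will look like so it can be rewritten back.
        self.sessions[(target[0], target[1], p.src, p.sport)] = (p.dst, p.dport)
        return Packet(p.src, p.sport, *target)

    def reply(self, p):
        orig = self.sessions.get((p.src, p.sport, p.dst, p.dport))
        if orig is None:
            return p              # no session state: source is left untranslated
        return Packet(orig[0], orig[1], p.dst, p.dport)

def round_trip(via_main=True):
    """Send one request through both forwards and return (at_server, reply)."""
    main = ForwardingRouter({(PUBLIC_IP, 95): (TUNNEL_IP, 95)})
    branch = ForwardingRouter({(TUNNEL_IP, 95): (SERVER_IP, 95)})
    request = Packet("198.51.100.7", 40000, PUBLIC_IP, 95)  # constructed client
    at_server = branch.inbound(main.inbound(request))
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    reply = branch.reply(reply)
    if via_main:                  # reply returns over the VPN to the main router
        reply = main.reply(reply)
    return at_server, reply

if __name__ == "__main__":
    print(round_trip(via_main=True))
    print(round_trip(via_main=False))
```

With `via_main=False` the reply never reaches the router that holds the first session entry, so its source is not the public IP the client connected to; the return path has to go back through the tunnel to the main router for the forward to work.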