Redirecting outcoming traffic
-
@viragomann in my example he said he has what I described, minus the port forwards.. Just firewall rules to allow the traffic.
But why would people from specific source IPs need to go to a specific server that clearly all do the same thing if you have a round robin dns setup..
If you want user X to only go to IP X, then create a new dns record x.domain.tld and tell them to use that.. Controlling it via source IP makes no sense..
-
@johnpoz said in Redirecting outcoming traffic:
Just firewall rules to allow the traffic.
The only configuration I can think of, that would work with just firewall rules for public addresses is a bridge across pfSense. But in this case he cannot route and also not nat.
-
@viragomann no if 1.2.3.0/24 is routed to your wan IP, then all you need to allow something to 1.2.3.x is a firewall rule.
https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html
-
@johnpoz
Yes. but in a bridged set up, the packets are not routed to the WAN, but directly to the destination IP behind pfSense. So you would be able to control the traffic with filter rules, but nothing else. -
@viragomann true if he is bridging then no port forward wouldn't work..
Still really don't understand why would want/need to do such a thing..
If I have a group of servers that are load balancing some service no matter if through a load balancer or via dns round robin. All of those servers would need to provide the same thing.. If not what if client goes to X vs Y and can't do what they are looking to do.
So why would you want any specific client to go to a specific one? If you did, then just point them there directly via specific fqdn that points to specific IP vs using the round robin fqdn..
-
@johnpoz... i need this because not all traffic has the same importance, so low importance should go to same server, where slow answer do not matter...
-
@pedreter and this low importance always comes from 20.20.20.0/24 ? That doesn't make any sense..
-
@johnpoz let me simply the question, because maybe i am not being clear enough... sorry...
Is it possible with pfsense to change the destination address and redirect all incoming traffic to public IP 'A' to public IP 'B' ??
-
@pedreter Yes.. You need to do a port forward.. But the traffic needs to hit your wan IP.. If your doing a bridge like @viragomann mentions you wouldn't be able to do that..
Lets say I have network 5.6.7.0/24 routed to me through my wan IP of 1.2.3.4
And while I might have a wan rule that allows traffic to 5.6.7.x, if I want to change that to go to 5.6.7.y instead I would setup a port forward..
What are you current wan rules?? For pfsense to redirect traffic - the traffic has to hit pfsense.. for it to be redirected.. It should be possible to setup something like this..
But I am not 100% it would work.. But it should..
-
Million thanks for you time and help @johnpoz
That is the problem... the IP belongs to an internal server, not to the PF Wan interface...
-
@pedreter it is routed through pfsense is it not?
If I look up in the internet routing.. for the IP on this server it ends up on the pfsense wan IP does it not? If the network is routed at the isp and you bridge this network to the servers.. I do not think the redirection via a port forward would work..
