Dual wan + advanced nat + port forwarding
-
Should be doable with appropriate advanced outbound nat rules and firewallrules but it's not too easy and too abstract to discuss without details. You should try to understand how outbound NAT works and figure it out yourself.
-
hoba: i'm not a dummy :) i understand that it is not so easy. when packets are coming from first interface, why their replies goes through the second interface? i need something like source routing?
-
Normally the state that was generated on establishing the connection should keep track of where the answer should be send. This might not work for active connections like ftp as these connections don't belong to the same state.
-
ok, so i have some misconfiguration, yep? may i show you my config file?
-
This would need discussing your whole network, IP-Adresses, ranges,…describing in detail how it should work and what exactly you want to do. I think this is beyond the scope of this forum.
Set it up simple first, step by step, not starting with the full implementation. This should help you find what is wrong. Also have a look at the states that your forwards create (either at the webgui or even better at the shell running pftop in realtime).
-
i have very simple network configuration. one primary wan, on wich i publishing my postal services, and one back-up wan, that also connects me directly to domestic adsl-provider, wich brings the leased lines to my branch offices. loadbalance (the way it's implemeted now) isn't working for me. here in russia we still pay for incoming traffic 5-10cc per megabyte, so we have to choose wich line to use mostly, and wich only for failover. i am really waiting for the 1.1 version of pfsense.
-
You will be waiting for quite a while considering 1.0 is not even out yet.
-
i'll be a beta tester for failover (not carp) function, if it's possible. thinking on the ways i can support your project, here in russia, siberia, or just at the novosibirsk city.
anybody can solve my problem, that i described before,
for some money? i forgot i have only roubles. i would try to reconfigure my installation by myself, but i think i didn't made any mistakes there… -
hoba: while i have static route to 87.103.240.0/20 through the second wan interface, there is no way to connect from this network (87.103.240.0/20) to the first wan iterface ip-address. once i delete the static route - everything is allright, but how to route my lan's traffic, that is more suitable to be routed trough the second interface? oh-oh…
-
You don't need routes for directly connected subnets of the pfSense. Just create a pass firewallrule for traffic with destination this subnet with the gateway set to this WAN.