pfSense: Port forwarding behaves differently than a D-link router
-
I am trying to understand the port forwarding behaviour in pfSense.
My previous network setup:
MODEM <--> Router[D-link] <--> ISA2006 <--> Private LAN (mail server, web server, portal server)
I was using port forwarding from my router to the ISA server. The ISA server detects the URL of the request and takes appropriate action. For example, https://www.friendspc.ca/owa will be handled differently than https://www.friendspc.ca/portal. It helps me to publish these two sites on separate servers using the same public IP. Recently I got a /30 routed subnet from my ISP and I wanted to publish my portal site as https://portal.friendspc.ca bound to a new public IP address. However, my D-link router was not capable of handling these new public IPs. So I decided to switch to pfSense.
My current network setup:
MODEM <--> router[pfSense] <--> ISA2006 <--> Private LAN (mail server, web server, portal server)
I set up port forwarding in pfSense. However, it does not send the URL with the port forwarding request, so my ISA2006 does not like the request and applies the default behaviour of dropping/ignoring the request.
Can anyone explain why I am seeing this behaviour in pfSense but not with the D-Link router?
Is there a way to fix it?
Note: I must keep ISA2006 in my network setup.
-
What exactly do you mean with a "routed /30 subnet"?
That kind of doesn't make sense because that would mean you have only: "netid, router, usableIP, broadcast"
Or do you mean you have 4 public IPs you can use (all in the same subnet)?
In this case you have to set up VIPs.
-
Let me add more detail:
My WAN IP (pppoe): 206.248.172.202
My new routed subnet is: 76.10.178.20/30, so I have one more routable address, 76.10.178.22. This IP address is routed through my WAN IP. I do use a virtual IP for this. No problem.
However, I still need to access https://www.friendspc.ca/owa through my WAN IP. I guess I need to use port forwarding in this case, which does not work as I was expecting.
-
I'm not sure I understand correctly what the problem is.
If you forward traffic then this traffic gets forwarded.
There is no
"However, it does not send the URL with the port forwarding request, so my ISA2006 does not like the request and applies the default behaviour of dropping/ignoring the request."
part.
Either it forwards the traffic or not.
Also, I'm not sure how exactly you used your additional /30 subnet.
If it gets routed to your public IP, you can add the first usable IP in the /30 subnet to an interface on pfSense and the second usable IP to a server.
If you created VIPs on the WAN, then you should be able to make use of the first and the second IP.
Just NAT forward from the VIPs to your servers in your private address space.