Netgate Discussion Forum

Hello anyone could this scenario be possible in NAT outbound translation

14 Posts 3 Posters 3.6k Views
    kirlox_kitoy
    last edited by Jul 29, 2011, 7:57 PM

    Setup is

    ISP1------ |
    ISP2------ | Pfsense Firewall 1---------->Pfsense Firewall 2----------->LAN
    ISP3------ |

    I want some of my LAN workstations to go to ISP1 as default gateway, then some of them to go to ISP2 and ISP3. Having this setup, is it possible? Actually, Firewall 2 has a special purpose, so that's why I can't get the thing out from the diagram. I need ideas here, thanks.

      Metu69salemi
      last edited by Jul 29, 2011, 9:25 PM

      If that is done by pfsense1 why not?
      But do you want to open up what you want to achieve?

        kirlox_kitoy
        last edited by Jul 30, 2011, 4:46 AM

        @Metu69salemi:

        If that is done by pfsense1 why not?
        But do you want to open up what you want to achieve?

        Yeah, I want Pfsense firewall 1 to be able to see the addresses on the LAN side, because from that data I will be able to segregate such LAN IPs to ISP1 and some to ISP2 & ISP3.

          Metu69salemi
          last edited by Jul 30, 2011, 12:46 PM

          If firewall #2 is not NATting, you can see the original IP addresses in pfsense#1, and so you can decide ISPs.

            Nachtfalke
            last edited by Jul 30, 2011, 1:00 PM

            @Metu69salemi:

            If firewall #2 is not NATting, you can see the original IP addresses in pfsense#1, and so you can decide ISPs.

            And if firewall #2 is not using squid, so that pfsense#1 can see the clients' IP addresses and not only the proxy IP address.

              Metu69salemi
              last edited by Jul 30, 2011, 1:03 PM

              @Nachtfalke:

              @Metu69salemi:

              If firewall #2 is not NATting, you can see the original IP addresses in pfsense#1, and so you can decide ISPs.

              And if firewall #2 is not using squid, so that pfsense#1 can see the clients' IP addresses and not only the proxy IP address.

              Thanks for completing sentences ;)

                kirlox_kitoy
                last edited by Jul 30, 2011, 3:54 PM

                Suppose it has squid, will that be a big problem? Is there a workaround if there is squid residing in firewall #2?

                  Nachtfalke
                  last edited by Jul 30, 2011, 4:57 PM

                  Yes, it would be a problem, because all clients which are using the proxy always have the same IP as the proxy. So it wouldn't be possible for pfsense#1 to decide which client initiated the connection - it is always the proxy.

                    kirlox_kitoy
                    last edited by Jul 30, 2011, 5:37 PM

                    @Nachtfalke:

                    Yes, it would be a problem, because all clients which are using the proxy always have the same IP as the proxy. So it wouldn't be possible for pfsense#1 to decide which client initiated the connection - it is always the proxy.

                    Is there no workaround for this? Even outbound NAT and 1:1? Or if you have any ideas.

                      Nachtfalke
                      last edited by Jul 31, 2011, 12:17 AM

                      Just bypassing squid for source IP addresses.

                      This is what I know about this. I do not know any way to see the real client IPs after they passed a proxy.

                      Perhaps it would be possible to explain to us in more detail what you want to realize with pfsense#1 and pfsense#2, and why there should be two pfsense boxes or why squid should run on box #2 and not on box #1.

                        kirlox_kitoy
                        last edited by Jul 31, 2011, 3:21 AM

                        @Nachtfalke:

                        Just bypassing squid for source IP addresses.

                        This is what I know about this. I do not know any way to see the real client IPs after they passed a proxy.

                        Perhaps it would be possible to explain to us in more detail what you want to realize with pfsense#1 and pfsense#2, and why there should be two pfsense boxes or why squid should run on box #2 and not on box #1.

                        The reason for having 2 pfsense boxes and segregating is because:
                        a.) I am using 1.2.3 snapshot.
                        b.) When I try to load balance a Multi-WAN and run it together with the squid package on the same box, this gives me an issue on the load balancer side.
                        That's the reason why I segregate the boxes, so that each box will be running its specific function as load balancer and as a squid proxy.

                          Nachtfalke
                          last edited by Jul 31, 2011, 10:18 AM

                          Then take a look at this thread/tutorial:

                          http://forum.pfsense.org/index.php/topic,37083.0.html

                            kirlox_kitoy
                            last edited by Jul 31, 2011, 5:42 PM

                            Will this work for 3 ISPs to be load balanced? In his example he has only 2 ISP links.

                              Nachtfalke
                              last edited by Jul 31, 2011, 6:37 PM

                              LoadBalancing in general is working with more than two links. If I remember correctly, a user in this forum is LoadBalancing up to 8 lines.

                              Because I am not using LoadBalancing and squid on one machine, I do not know if it will work with more than two lines, but I think it would be possible.
