NAT (Port Forwarding) and web failover
-
thnx for your help marcelloc!!
how must the outbound nat look?
these are the vpn IPs
pfsense1 ip : 10.4.0.1
pfsense2 ip : 10.4.0.2 -
It's on firewall -> nat -> outbound
-
i created an outbound nat but the traffic is still going to the wan interface and not back to vpn
here is my outbound nat ruleInterface webslavelan
Source 192.168.129.0/24
Source Port 443
Destination 10.4.0.0/30
Destination Port *
NAT Address *
NAT Port 443
Static Port NO -
i created an outbound nat but the traffic is still going to the wan interface and not back to vpn
here is my outbound nat ruleInterface webslavelan
Source 192.168.129.0/24
Source Port 443
Destination 10.4.0.0/30
Destination Port *
NAT Address *
NAT Port 443
Static Port NOchange source to any.
does webslavelan is the outgoing interface to reach 10.4.0.0/30? -
thnx for your help man!
this is my network a bit more detailed,
i have tried to put different interfaces and IPs on the outbound configuration but the traffic goes still to my wan :/
now i put vpnsitetosite as interface and source any but it doesn't work.
what should the destination be? is there something else that i need to define? create a new gateway or something like that?
-
Try to go to console and do some package capture to find what interface pfsense is using to send traffic to remote host.
-
the request is going from vpnsitetosite–>webslavelan-->webslave
and the reply is going from webslave-->webslavelan-->wan
i need to send it back to vpnsitetosite interface -
Can you select vpn interface on outgoing nat rule?
-
i can select OpenVPN but not the specific vpn interface.
do i need to create a virtual IP, a rule to 1:1, or something additional?
i have tried many combinations for the outbound rule but the http replies are keep going to the wan interface :/ -
What you get when you select openvpn as interface on outbound nat for this server?
If you can't do it with load balance, consider using a reverse proxy like (varnish,squid-reverse,apache+mod_security)
-
i get the same, nothing changes if i select openvpn as interface.
i will try to find another solution as it seems that what i am trying to do it's not possible with load balance.
thnx for your help!