Portforwarding Multi Wans
-
Hi!
I have a server with 4 NICs:
3 NICs with ISP connection
1 NIC connected to our LAN (please take a look at the diagram)
All NICs connected to our ISP get one public IP via DHCP.
This is what I have done so far:
- Installed pfSense with WAN and LAN IPs pointing to the correct NICs
- I added the missing NICs in INTERFACES > ASSIGN and renamed them to WAN2, WAN3
- I checked whether the 2 new NICs were getting an IP from the ISP and it seems to work fine.
So far so good.
What I want to do now is to forward ports from the servers to the new public IPs. And here's the problem:
If you port forward to WAN1 (the one I picked in the installation) all the ports seem to work fine. But when we port forward something to WAN2 it doesn't.
![wan interface.png](/public/imported_attachments/1/wan interface.png)
-
What's "doesn't work"?
-
> But when I try to port forward something to WAN2 it doesn't work.
Please provide more details in the form: When I do … I see ... but I expected to see ... because ...
It seems a reasonably common mistake is for people to set up a port forward for connections arriving on the WAN interface and expect them to work for connections arriving on the LAN interface. But without details of what doesn't work …
-
Not to mention that the last screenshot shows redirect target port empty, which obviously "doesn't work".
-
> Not to mention that the last screenshot shows redirect target port empty, which obviously "doesn't work".
Looks to me the Redirect target port is "HTTP".
-
> Looks to me the Redirect target port is "HTTP".
Ah, correct. Those red boxes are extremely distracting.
-
Thank you all for your comments. Updated the thread.
-
That did not move us one inch further wrt the "doesn't work" description, I'm afraid. What exactly are you trying to do that doesn't work as expected? Browse to the webserver using the public IPs? From LAN? From outside? Using IPs or the FQDN (and what are the DNS records for those if the latter)? Are these WANs failover or something else?
-
It's actually a pretty simple question:
Why does pfSense prevent incoming traffic to WAN2 and WAN3, even though port forwarding is set in the firewall rules?
-
> It's actually a pretty simple question:
Your "simple" question is impossible to answer without providing the requested information.
-
OK, let's try this another way.
Let's say we have 1 server with 4 network cards.
We connect 3 of the network cards to the internet and all 3 network cards now have their own public IP addresses.
We connect 1 to our LAN.
On our LAN we have 5 servers.
We have now installed pfSense and want to allow traffic from WAN1, WAN2, WAN3 to our LAN.
Server1 is our mail server. So we want to allow traffic on ports 25, 80, 110 from WAN1 to travel to our server 1
Server2 is our webserver. So we want to allow traffic on port 80 from WAN2 to travel to our server 2
Server3 is our other webserver. So we want to allow traffic on port 80 from WAN3 to travel to our server 3
What would it take for us to allow traffic to travel through on WAN2 and WAN3 to our servers? Are there any special NAT settings for this in pfSense?
-
Uh.
1/ In Firewall - NAT you set up the port forwards.
2/ In Firewall - Rules - WANx you allow the traffic as needed.
Once again, if you want to debug your issue, provide the requested information. Otherwise, this thread is completely pointless.
-
Found the problem.
When a new firewall rule was created "Filter rule association" was set to "Add associated filter rule". If I pick Pass instead it works. Now it allows traffic to travel through WAN2 to LAN (port forwarding)
I did notice this warning when creating a new firewall rule: "NOTE: The "pass" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway."
Anyway, thank you for your help…
-
Out of interest why did you choose 'pass' the first time? Create associated rule is the default setting.
Also you may find that your servers appear to all use the same public IP for outgoing traffic unless you set manual outbound NAT rules.
Steve
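
Added example, not part of any post in this thread and not pfSense project code: a small audit that reads a pfSense configuration export and reports, for each port forward, whether a linked filter rule exists on the same WAN interface or whether the forward uses the "Pass" association that the GUI note quoted above warns about on Multi-WAN. The element names (`nat/rule`, `filter/rule`, `associated-rule-id`, with the value `pass` for the Pass option) are an assumption about the config.xml layout, and the sample data, addresses and rule IDs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a pfSense config.xml excerpt (assumed layout):
# three port forwards on WAN1 (wan), WAN2 (opt1) and WAN3 (opt2).
SAMPLE_CONFIG = """<pfsense>
<nat>
<rule><interface>wan</interface><target>192.168.1.11</target><local-port>25</local-port>
  <associated-rule-id>nat_0001</associated-rule-id></rule>
<rule><interface>opt1</interface><target>192.168.1.12</target><local-port>80</local-port>
  <associated-rule-id>pass</associated-rule-id></rule>
<rule><interface>opt2</interface><target>192.168.1.13</target><local-port>80</local-port>
  <associated-rule-id>nat_0003</associated-rule-id></rule>
</nat>
<filter>
<rule><interface>wan</interface><associated-rule-id>nat_0001</associated-rule-id></rule>
</filter>
</pfsense>"""


def audit_port_forwards(xml_text):
    """Return (interface, target, port, finding) for every NAT port forward."""
    root = ET.fromstring(xml_text)
    # Map each filter rule's association ID to the interface it is attached to.
    linked = {
        r.findtext("associated-rule-id"): r.findtext("interface")
        for r in root.findall("./filter/rule")
        if r.findtext("associated-rule-id")
    }
    findings = []
    for fwd in root.findall("./nat/rule"):
        iface = fwd.findtext("interface")
        assoc = (fwd.findtext("associated-rule-id") or "").strip()
        if assoc == "pass":
            finding = "pass-option"          # no separate filter rule; see GUI note
        elif not assoc:
            finding = "manual-rule-needed"   # association "None": rule must be added by hand
        elif linked.get(assoc) != iface:
            finding = "missing-filter-rule"  # forward exists, linked rule absent on this WAN
        else:
            finding = "ok"
        findings.append((iface, fwd.findtext("target"), fwd.findtext("local-port"), finding))
    return findings


if __name__ == "__main__":
    for row in audit_port_forwards(SAMPLE_CONFIG):
        print(*row)
```
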