pfsense redirect sites through different links

Bruno27live

could anyone teach me how I can target sites by the desired link?
ex:
link1 = all sites - not youtube
link2 = balancing with link1 all sites -not youtube
link3- youtube only

I really need to know how to do this I do not understand much about nat the youtube site is just an example and I also intend to use it in aliases for more than one site.

KOM

I've read this three times and still have no idea what you mean or what you're trying to do.

Bruno27live

Sorry, I'm using the translator.

I have a link balancing on 3 wan ports
my objective is
access a particular site only through a wan port

KOM

OK, that makes much more sense, but unfortunately I can't help you since I don't use any load-balancing or have multiple WAN links to play with. Hopefully someone else will reply.

moo82

@Bruno27live said in pfsense redirect sites through different links:

could anyone teach me how I can target sites by the desired link?
ex:
link1 = all sites - not youtube
link2 = balancing with link1 all sites -not youtube
link3- youtube only

I really need to know how to do this I do not understand much about nat the youtube site is just an example and I also intend to use it in aliases for more than one site.

If you are able to match the traffic in a reliable way, then it's just about setting a specified gateway (link3) for this traffic. For some multiple connection protocols like passive FTP or external services using some content delivery system, it may be hard or impossible to do without some application detection layer in-between.

link1 and link2 in load balance mode, remove link3 gateway from this load balance group if it's in there. Let's say link3's gateway is called link3GW

Let's say the service in question, named 'ex1' uses TCP at ex1a.example.com:8855, ex1b.example.com:8855, and ex1c.example.com. Your entire local network is on LAN port.

You could then make a port alias for 8855 named 'ex1_ports', and an IP alias named 'ex1_sites' listing ex1a.example.com,
ex1b.example.com, and ex1c.example.com.
On the LAN tab, above where this traffic is allowed out now, you set up
Pass, type TCP source: * destination: ex1_sites destination port: ex1_ports
In the advanced section, you go to Gateway and set this to link3GW. This rule will then show an icon in the rules list to let you know you set an advanced option.

Let's say the next service in question is named 'ex2' and uses UDP at *:8080-8099.
Make a port alias for 8080-8099 named 'ex2_ports' and on the LAN tab below the ex1 rule you add
Pass, type UDP source: * destination: * destination port: ex2_ports
In the advanced section, you go to Gateway and set this to link3GW. This rule will then show an icon in the rules list to let you know you set an advanced option.

If a single computer or set of computers in your LAN use some service on random sites at TCP:443 which should use link3GW, then you make an alias for these computers (ex3_lan_servers) and set them as a source alias, with the rest of the setup same as before. All other eventual HTTPS traffic from these computers would then also use link3GW unless you use another rule to match some of that traffic to the load balanced GW.

If the external service is an FTP server then you would make an alias for the host(s) and just not set a destination port. The random port data connection would then also be matched to link3GW. We use the FTP_Client_Proxy for this, and I think it may work if it doesn't add it's rules to the top of the ruleset, above your redirect rules (I think the default is to add to the bottom).

If there aren't any identifying characteristics of the source or destination you won't be able to match the traffic, and can't set a specified gateway. There must be some identifying feature to divert the traffic this way.