VIP setting
-
Here's the setup:
First pfSense box (Box 1) acting as load balancer, OpenVPN server for branches and DHCP server for Box 2.
Second pfSense box (Box 2) acting as firewall, content filter.
Two servers, Server 1 and Server 2, are behind the firewall.
All the branches connect to Box 1 through OpenVPN and RDP to Server 1. (RDP port 3389 is opened in Box 2 and port forwarded to Server 1.)
Now I want to assign another IP to Box 2 (VIP) which should port forward to Server 2, so that when users use this IP for RDP they are forwarded to Server 2.
My plan:
My plan is to have a Virtual IP in Box 2 with IP Alias, then port forward for this IP to Server 2.
I am not sure about these settings, so I don't want to take any chances.
Also, are there any changes I need to make in Box 1 (as it is the DHCP server for Box 2)?
Any help.
Regards,
Ashima
-
I haven't received any response. I just want to confirm: if I use a virtual IP with IP Alias and do a port forward to the second server, will it work? Since the pfSense box is at the remote location (at the head office where all branches connect), I don't want to take any chances.
Also, do I have to make any change in Box 1 (the load balancer), as it is the DHCP server for Box 2?
As I am going to make these changes remotely, I just want to confirm my steps.
Any help?
Regards,
Ashima
-
If you're providing services behind Box 2, it's recommended to have static IPs for that.
Why do you want to use dynamic IPs on that box?
-
Thank you viragomann.
I am using MAC-IP binding in Box 1 so Box 2 always gets the same IP.
I can of course make Box 2 have a static IP if that serves the purpose.
My question is about assigning another IP (virtual IP) to Box 2 so that I can access Server 2 with the same port as Server 1.
Thanks,
Ashima.
-
Yes, of course you may assign additional IP aliases to WAN and forward it to the server.
It would also work if the primary is pulled from DHCP. So if you have a static mapping it will be fine to provide a service.
However, the IP aliases have to be static.