Respond to NAT on additional WAN interface
-
Looking for a bit more assistance with an ongoing issue. Has to do with the failover WAN responding to the primary WAN's IP. Below is a bit of a network diagram to reference.
So the network does get advertised out to ISP B when there is a failover and successfully routes out and back in, when ISP A goes down. The issue I'm running into is when trying to get back into anything that is set up with a port forward I get the pfSense GUI. Also run into the issue with outbound NAT. Is there a way to force it out the secondary interface with the originating IP coming from the ISP A network? (example being 10.0.0.2 going out ISP B instead of showing as 192.168.1.2)
-
@wzkds re: port forwards, you will need NAT rules on both interfaces (copy rule with destination of "WAN2 Address"). The only way someone outside would see the pfSense GUI is if port 443 is accessible from the WAN, which I would not recommend.
I am not sure I understand your outbound question, but traffic going out 192.168.1.x will need to use that subnet in order to talk to the 192.168.1.1 gateway. But the Internet shouldn't see either of those private IPs.
-
@steveits I'm looking at not trying to use WAN2 address. I'm wanting to use the VIP assigned under the primary WAN. As I understand it, the VIP won't actually be affected unless the interface itself goes down?
As for the outbound, it's a similar scenario, I'm wanting to use the same VIP regardless of the interface it's sent out. End result being, regardless of which interface is primary for sending out traffic, I want it to always be seen from a specific VIP that is associated to the 10.0.0.x network.