Redirect SMTP and HTTP traffic with virtual IP from a specific source alone

Eugene · Apr 7, 2010, 5:46 PM

kpa is right.

djvenky · Apr 7, 2010, 5:52 PM

Actually we have two ISP. one is WAN [reliance] and the other one is Aircel. In this i am trying route a specific source to any using additional static IP from Aircel ISP which starts with 58.x.x.x series.

Eugene · Apr 7, 2010, 5:53 PM

In this case you have to choose proper Gateway in Firewall->Rules for this specific traffic.

djvenky · Apr 7, 2010, 6:29 PM

Okay i think i am making some other mistake. Internet doesn't even work when i just set the outbound NAT rule. It just starts staying looking up google.com when i hit it on the browser. If i just allow full access to the domain and DNS server in Rules–> LAN isn't that enough ? or do i have to add any specific rules.

But it didn't state connecting to google.com when i hit it in the browser, so i am assuming its only DNS resolution needs to be corrected.
Any clue's where i would have gone wrong.

djvenky · Apr 7, 2010, 6:29 PM

@Eugene:

In this case you have to choose proper Gateway in Firewall->Rules for this specific traffic.

Yes i checked it, its all set correctly to corresponding GW

Eugene · Apr 7, 2010, 6:36 PM

How many interfaces do you have?

djvenky · Apr 8, 2010, 5:42 AM

3 interfaces:
1. LAN
2. WAN - Reliance ISP
3. Aircel - ISP

Eugene · Apr 8, 2010, 1:47 PM

How come you have two networks 172.17.0.0/16 and 172.16.0.0/16 on LAN, what are setting (IP address/mask) on your LAN interface?

djvenky · Apr 8, 2010, 2:25 PM

Actualy our Local LAN network is seperated into different VLAN using cisco catalyst switches.

IP : 172.16.0.0 /16 and 172.17.0.0/16 and 10.5.0.0/16
172.17.x.x for Wireless and 172.16.x.x for servers and 10.5.x.x for desktops like that.

Eugene · Apr 8, 2010, 2:26 PM

Little diagram/explanation would definitely have here
172.16.0.0/16 vlan x–--|catalyst|?.?.?.?/? vlan ?-----?.?.?.?/?pfSense
172.17.0.0/16 vlan y----| |

djvenky · Apr 8, 2010, 2:41 PM

Thats gonna be little hard …..i will try to explain you the best.

first -->server network[172.16.x.x/16] VLAN 10 –> connected to layer 3 switch ---> connected to pfsense [for internet]

GW - 172.16.1.10 for server vlan –> route o.o.o.o o.o.o.o. to pfsense 172.16.1.254 --> packets hits pfsense here.
why vlan coz we have few departments who system or files should not be accessed by others and the wifi we have about 5 profiles.
like VIP, staff and guest and so each profile gets a different IP range and cannot access other network. And why cisco switch b'coz it has a concept stacking which gives master and slave switch and both is binded including the ports. each port 1 GBPS so when binded it will work on 2 GBPS and even when one switch is down, it will still start working on the other one.

Eugene · Apr 8, 2010, 4:19 PM

Then I suspect you have to have on pfSense:
1. Rules on LAN allowing net 172.16.0.0/16 to go to Internet using default gateway.
2. Rules on LAN allowing net 172.17.0.0/16 to go to Internet using default 58.xx gateway.
3. Rules on LAN allowing net xxx to go to Internet using ??? gateway.
"allow to go to Internet" means TCP/UDP port 53, TCP ports 80 and 443 at least (and ICMP if you wish).

On NAT->Outbound page you have to create NAT entries for all subnets on proper interfaces.

djvenky · Apr 10, 2010, 4:41 AM

Yep Eugene at last got it to work.. thnx for all the help.

After adding DNS servers in the rule, it all started to work.

Thanks,
Venkat