Redirect SMTP and HTTP traffic with virtual IP from a specific source alone
-
kpa is right.
-
Actually we have two ISP. one is WAN [reliance] and the other one is Aircel. In this i am trying route a specific source to any using additional static IP from Aircel ISP which starts with 58.x.x.x series.
-
In this case you have to choose proper Gateway in Firewall->Rules for this specific traffic.
-
Okay i think i am making some other mistake. Internet doesn't even work when i just set the outbound NAT rule. It just starts staying looking up google.com when i hit it on the browser. If i just allow full access to the domain and DNS server in Rules–> LAN isn't that enough ? or do i have to add any specific rules.
But it didn't state connecting to google.com when i hit it in the browser, so i am assuming its only DNS resolution needs to be corrected.
Any clue's where i would have gone wrong. -
In this case you have to choose proper Gateway in Firewall->Rules for this specific traffic.
Yes i checked it, its all set correctly to corresponding GW
-
How many interfaces do you have?
-
3 interfaces:
1. LAN
2. WAN - Reliance ISP
3. Aircel - ISP -
How come you have two networks 172.17.0.0/16 and 172.16.0.0/16 on LAN, what are setting (IP address/mask) on your LAN interface?
-
Actualy our Local LAN network is seperated into different VLAN using cisco catalyst switches.
IP : 172.16.0.0 /16 and 172.17.0.0/16 and 10.5.0.0/16
172.17.x.x for Wireless and 172.16.x.x for servers and 10.5.x.x for desktops like that. -
Little diagram/explanation would definitely have here
172.16.0.0/16 vlan x–--|catalyst|?.?.?.?/? vlan ?-----?.?.?.?/?pfSense
172.17.0.0/16 vlan y----| | -
Thats gonna be little hard …..i will try to explain you the best.
first -->server network[172.16.x.x/16] VLAN 10 –> connected to layer 3 switch ---> connected to pfsense [for internet]
GW - 172.16.1.10 for server vlan –> route o.o.o.o o.o.o.o. to pfsense 172.16.1.254 --> packets hits pfsense here.
why vlan coz we have few departments who system or files should not be accessed by others and the wifi we have about 5 profiles.
like VIP, staff and guest and so each profile gets a different IP range and cannot access other network. And why cisco switch b'coz it has a concept stacking which gives master and slave switch and both is binded including the ports. each port 1 GBPS so when binded it will work on 2 GBPS and even when one switch is down, it will still start working on the other one. -
Then I suspect you have to have on pfSense:
1. Rules on LAN allowing net 172.16.0.0/16 to go to Internet using default gateway.
2. Rules on LAN allowing net 172.17.0.0/16 to go to Internet using default 58.xx gateway.
3. Rules on LAN allowing net xxx to go to Internet using ??? gateway.
"allow to go to Internet" means TCP/UDP port 53, TCP ports 80 and 443 at least (and ICMP if you wish).On NAT->Outbound page you have to create NAT entries for all subnets on proper interfaces.
-
Yep Eugene at last got it to work.. thnx for all the help.
After adding DNS servers in the rule, it all started to work.
Thanks,
Venkat