Redirect SMTP and HTTP traffic with virtual IP from a specific source alone

djvenky · Apr 8, 2010, 2:41 PM

Thats gonna be little hard …..i will try to explain you the best.

first -->server network[172.16.x.x/16] VLAN 10 –> connected to layer 3 switch ---> connected to pfsense [for internet]

GW - 172.16.1.10 for server vlan –> route o.o.o.o o.o.o.o. to pfsense 172.16.1.254 --> packets hits pfsense here.
why vlan coz we have few departments who system or files should not be accessed by others and the wifi we have about 5 profiles.
like VIP, staff and guest and so each profile gets a different IP range and cannot access other network. And why cisco switch b'coz it has a concept stacking which gives master and slave switch and both is binded including the ports. each port 1 GBPS so when binded it will work on 2 GBPS and even when one switch is down, it will still start working on the other one.

Eugene · Apr 8, 2010, 4:19 PM

Then I suspect you have to have on pfSense:
1. Rules on LAN allowing net 172.16.0.0/16 to go to Internet using default gateway.
2. Rules on LAN allowing net 172.17.0.0/16 to go to Internet using default 58.xx gateway.
3. Rules on LAN allowing net xxx to go to Internet using ??? gateway.
"allow to go to Internet" means TCP/UDP port 53, TCP ports 80 and 443 at least (and ICMP if you wish).

On NAT->Outbound page you have to create NAT entries for all subnets on proper interfaces.

djvenky · Apr 10, 2010, 4:41 AM

Yep Eugene at last got it to work.. thnx for all the help.

After adding DNS servers in the rule, it all started to work.

Thanks,
Venkat