How To Route Port-Forwarded Response Back To Original Non-Default Router

  • I'm a newbie to pfSense 2.0. I need someone to enlighten me on how I could handle this situation.

    I have two separate pfSense routers, A and B, residing on the same LAN. I have a server running mail and FTP with its default gateway set to A. The server also runs a webserver that needs to be port-forwarded from B. With the default gateway set to A, how am I able to route the webserver's replies back to B?

  • Rebel Alliance Developer Netgate

    You would have to do policy routing on the server itself to properly handle that, it can't be done in the firewall.

    Why do you need two separate routers? Why not do everything in one firewall? The issue wouldn't exist then…

  • Well, actually both pfSense routers are already dual-WAN (4 WANs altogether). The two pfSense boxes are used to serve 10+ servers each. Only that particular webserver has such a requirement, because its public address cannot be changed. That server is a WS08R2 and I'm not too sure how it can be configured to perform this kind of source routing (based on source port).

    I remember that when I browsed the forum I came across several similar cases that I do not fully understand how they were done. One case mentioned using ARP to twist the MAC address. Another case was some kind of double NAT? And one case regarded setting up a firewall routing rule and manipulating outbound NAT.

    Am I misunderstanding those cases? Is there really no way to configure what I want?

    Anyway thanks for your assistance!

  • Rebel Alliance Developer Netgate

    The problem is not in the firewall, either one of them. It's that your web server doesn't know how to properly send the traffic back where it came from. It may not have any way to distinguish that.

    I'm not sure Windows has any method to pull that off properly.
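A toy model of the reply-path decision the replies above describe, added here as an illustration (not code from the thread or from pfSense): the server's routing table has one default gateway, so a reply to an Internet address always leaves via A, which holds no state for the connection B forwarded. The `outbound_nat` switch models the "manipulate outbound NAT" variant the poster mentions seeing on the forum, where B rewrites the source to its own LAN address so the reply is on-link to B. All addresses are constructed and assumed.

```python
import ipaddress

# Constructed lab addressing (assumptions, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER_A_LAN = "192.168.1.1"    # the server's only default gateway
ROUTER_B_LAN = "192.168.1.2"    # port-forwards TCP/80 to the server
SERVER = "192.168.1.10"
INTERNET_CLIENT = "203.0.113.50"


def server_next_hop(dst: str) -> str:
    """Next hop chosen by the server's routing table: on-link delivery
    for LAN addresses, otherwise the single default gateway (router A).
    Windows has no per-source-port policy routing, so this is the whole
    decision."""
    if ipaddress.ip_address(dst) in LAN:
        return dst            # delivered directly on the LAN
    return ROUTER_A_LAN       # everything else goes to A


def forward_via_b(client: str, outbound_nat: bool) -> dict:
    """Router B forwards a client's TCP/80 request to the server.
    With outbound NAT enabled on B's LAN side, the source address the
    server sees becomes B's LAN address instead of the client's."""
    src = ROUTER_B_LAN if outbound_nat else client
    return {"src": src, "dst": SERVER}


def reply_path(outbound_nat: bool) -> dict:
    """Where the server sends its reply and whether it returns through
    the router that holds the NAT state for this connection (B)."""
    inbound = forward_via_b(INTERNET_CLIENT, outbound_nat)
    reply_dst = inbound["src"]
    hop = server_next_hop(reply_dst)
    return {
        "reply_to": reply_dst,
        "next_hop": hop,
        "returns_via_b": hop == ROUTER_B_LAN,
    }


if __name__ == "__main__":
    # Without source NAT the reply leaves via A (asymmetric, connection
    # breaks); with it the reply goes straight back to B.
    print(reply_path(outbound_nat=False))
    print(reply_path(outbound_nat=True))
```

The trade-off of the NAT variant is visible in `reply_to`: the webserver only ever sees B's LAN address, so its logs lose the real client IP unless the proxied address is carried some other way.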
