Redirection



  • 2 questions about the possibility of redirection on the firewall.

    1. How do I set it up so that any time someone on the LAN goes to a domain, xyz.com, they get redirected to a local LAN server IP?

    2. How do I redirect traffic coming into a WAN port on a multi-WAN setup to another external Internet IP? For example: the external address of a WAN port is 78.1.2.3, and mail traffic is coming into WAN port 1. Have it redirect out WAN port 2, maybe to another location, 74.1.2.3.



    1. There are several ways to "redirect" someone to a local LAN IP. It really depends on your specific needs, e.g. you could put an entry in your DNS server, resolving e.g. xyz.com to an internal LAN IP (and prevent users from using 3rd party DNS). You have to be more specific, e.g. do you want to block social networking sites? Do you want to redirect all IP traffic, or just some TCP protocols, e.g. http/https?

    2. Assuming for whatever reason you don't want to publicly list site #2's mailserver as an MX, I suppose you could set up a VPN between the two sites and port-forward WAN1-IP:25 at site #1 to the mailserver running at site #2. Or you could run a full MTA like Postfix at site #1 and then store-and-forward the mails to site #2. I have done the latter occasionally, e.g. with websites hosted on a VPS which had its IP "blacklisted" due to activities of the previous webmaster.



  • 1. The local Zimbra server works best if it is accessed via its local IP address on the local LAN, but this causes some minor problems. I was hoping to be able to fix that with a redirect with pfSense. We do not run our own DNS server.

    2. We will be moving shortly, which means a new external IP for the mail server. Until the Internet DNS servers catch up we do not want to lose any mail. I think your VPN idea is the best bet.

    Thank you in advance for the help.



  • 1. I'm not sure I understand what you mean by "local ip" … Is your Zimbra server "dual-homed" ? Anyway, current best practices suggest putting externally accessible servers in the DMZ.

    2. For an office move, I would prefer to temporarily run an MTA (e.g. sendmail, Postfix etc) at both sites and store-and-forward e-mails from old to new. To facilitate a smooth switchover, you can tune the DNS ttl, and change the MX priorities. This will cause no downtime, but wrt your fear of potential loss of mail, there is no serious e-mail server that will drop queued e-mails if the destination is temporarily unreachable.
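    As an added example, not from any poster in this thread: a minimal Postfix configuration for the store-and-forward arrangement suggested above, run at the old site so that mail for xyz.com (the domain from the question) is accepted there and queued until the new site's server answers. The new-site address 203.0.113.10, the hostname and the file paths are assumptions.

```conf
# Added example: Postfix at the OLD site (site #1), accepting mail for the
# domain from the question and queueing it until the NEW site is reachable.
# 203.0.113.10 is a placeholder for the new site's mail server address.

# ---- /etc/postfix/main.cf ----
myhostname = mx-old.xyz.com
# Accept mail for xyz.com even though the mailboxes live elsewhere.
relay_domains = xyz.com
# Only accept recipients that actually exist at the new site; leaving
# relay_recipient_maps empty accepts any address and generates backscatter.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# Route everything for xyz.com straight to the new site (see transport file).
transport_maps = hash:/etc/postfix/transport
# Keep undeliverable mail queued for a week instead of the 5-day default,
# so slow DNS propagation or an outage during the move loses nothing.
maximal_queue_lifetime = 7d
# Opportunistic TLS towards the new site.
smtp_tls_security_level = may
# Do not become an open relay: only local networks and relay_domains.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

# ---- /etc/postfix/transport   (then run: postmap /etc/postfix/transport) ----
# Square brackets deliver to the host directly, skipping the MX lookup,
# so the route works before the public MX records have changed.
xyz.com         relay:[203.0.113.10]:25

# ---- /etc/postfix/relay_recipients   (then run: postmap /etc/postfix/relay_recipients) ----
user1@xyz.com   OK
user2@xyz.com   OK
```

    While the old site's MX record is still the one resolvers see, mail lands in this queue and is retried against the new site until it is accepted.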



  • Local IP = LAN IP 192.168.1.123. PCs on the local LAN get the best speed and reliably access the Zimbra server using the local IP. PCs connecting through the WAN to the server do not have the same reliability issues but use the domain name.

    Thanks for all the ideas on question 2.

