Netgate Discussion Forum

Help with vips setup

    covex
    last edited by Feb 2, 2012, 6:05 AM

    hi there!
    i need some quick help with the setup i have here plz  :)
    my setup:
    public ips: 1.1.1.1 1.1.1.2 1.1.1.3

    [internet]–[pfsense] 1.1.1.1 wan
                                1.1.1.2 vip proxy arp email server (192.168.1.2)
                                1.1.1.3 vip proxy arp web server  (192.168.1.3)

    everything works but in the header of all my outgoing emails client-ip and received_from_ip is set to 1.1.1.1 instead of 1.1.1.2.
    is it because of nature of the proxy arp vips or something else? would it help if i change proxy arp vips to ip alias?

    tnx

      marcelloc
      last edited by Feb 3, 2012, 10:41 AM

      Just assign 1.1.1.2 vip proxy arp to email server (192.168.1.2) on outbound nat.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

        covex
        last edited by Feb 3, 2012, 5:03 PM Feb 3, 2012, 5:01 PM

        marcelloc, thanks for your reply!

        i added the outbound nat
        interface: wan
        proto: tcp/udp
        source: network, 192.168.3.64/27 (my email server's ip is 192.168.3.65/27) why won't it let me set it to 192.168.3.94/27?
        destination: any
        translation: 1.1.1.2

        see attachment

        it didn't help though. this is what i get in the header of outgoing emails

        Received: from mail.[mydomail].ca ([1.1.1.1])
                by mx.google.com with ESMTPS id f29si3412451anj.58.2012.02.03.08.49.57
                (version=TLSv1/SSLv3 cipher=OTHER);
                Fri, 03 Feb 2012 08:49:57 -0800 (PST)
        Received-SPF: pass (google.com: domain of [senders email] designates 1.1.1.1 as permitted sender) client-ip=1.1.1.1;
        
        

        where 1.1.1.1 is my wan ip address but it should be 1.1.1.2 for my email server

        pic.jpg
          marcelloc
          last edited by Feb 3, 2012, 5:08 PM

          The source is only a host, not a network.

          put a /32 on netmask on this outbound nat rule.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

            covex
            last edited by Feb 3, 2012, 5:16 PM

            it didn't help.

            pic2.jpg
              marcelloc
              last edited by Feb 3, 2012, 5:20 PM

              change your nat to manual  :)

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

                covex
                last edited by Feb 3, 2012, 5:29 PM

                it worked! thanks man, really appreciate your help, eh.  ;D

                  covex
                  last edited by Feb 9, 2012, 2:17 AM

                  if Automatic outbound NAT rule generation is on, is there any way to see what rules were generated?

                    marcelloc
                    last edited by Feb 9, 2012, 2:33 AM

                    When enabled, everything that passes through the firewall will be NATed using the interface address. Just like the rule created to wan when you select outbound.

                    It's done on pf level, not in gui.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D
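
Added example, not part of the original thread: a small Python check for the symptom covex describes, confirming from a delivered message's headers that mail left from the intended VIP rather than the WAN address. The sample message is constructed from the headers quoted above, mail.example.ca and user@example.ca are placeholders, and the code assumes the receiving MX's Received line is the first one in the message.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modeled on the headers quoted in the thread. 1.1.1.x are
# the thread's placeholder public IPs; the host and sender names are hypothetical.
SAMPLE = """\
Received: from mail.example.ca ([1.1.1.1])
        by mx.google.com with ESMTPS id CONSTRUCTED;
        Fri, 03 Feb 2012 08:49:57 -0800 (PST)
Received-SPF: pass (google.com: domain of user@example.ca designates 1.1.1.1 as permitted sender) client-ip=1.1.1.1;
Subject: egress test

body
"""

IP_IN_BRACKETS = re.compile(r"\(\[([0-9A-Fa-f:.]+)\]\)")
CLIENT_IP = re.compile(r"client-ip=([0-9A-Fa-f:.]+)")


def observed_egress_ips(raw_message):
    """Return (header, ip) pairs the receiving MTA recorded for the sender."""
    msg = message_from_string(raw_message)
    found = []
    received = msg.get_all("Received", [])
    if received:
        # Assumption: the first Received header was written by the recipient's MX.
        m = IP_IN_BRACKETS.search(received[0])
        if m:
            found.append(("Received", ipaddress.ip_address(m.group(1))))
    for value in msg.get_all("Received-SPF", []):
        m = CLIENT_IP.search(value)
        if m:
            found.append(("Received-SPF", ipaddress.ip_address(m.group(1))))
    return found


def check_egress(raw_message, expected_ip):
    """Return (ok, mismatches); ok is True only if every recorded IP matches."""
    expected = ipaddress.ip_address(expected_ip)
    seen = observed_egress_ips(raw_message)
    mismatches = [(hdr, str(ip)) for hdr, ip in seen if ip != expected]
    # No recorded IP at all is treated as a failed check, not a pass.
    return bool(seen) and not mismatches, mismatches


if __name__ == "__main__":
    ok, bad = check_egress(SAMPLE, "1.1.1.2")
    print("egress OK" if ok else f"wrong source address: {bad}")
```

Run it against a test message received at an external mailbox after each outbound NAT change; a mismatch means the mail server's traffic is still being translated to the interface address.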
