    Use Virtual IP for Outbound

      kevpatt

      Hi All,

      We have a private network that is NAT routed thru pfSense. Our WAN interface has 5 usable ip addresses. I already have NAT working fine and a good ruleset for general use. But we also have a mail server for our domain, inside our network. I REALLY need to have this mail server sending mail from a different public IP address. I already have incoming mail traffic (port 25) on the mail server's address forwarding to our mail server, but when the mail server sends mail out, it always originates from the "main" public ip that we use for everything else. I need outgoing mail from our server to "originate" from a different public IP, one of the "virtual IPs" set up in pfSense and part of our public block.

      Is there a way to do this? Any ideas?

        dotdash

        Advanced Outbound NAT. Create a rule with the server's IP/32 as the source and the VIP as the translation. Move this before the default outbound rule.

          kevpatt

          I did play around with that briefly. Whenever I had "Manual Outbound NAT rule generation / (AON - Advanced Outbound NAT)" selected, I could not get the web to work at all.

          FWIW, we have multi-wan (3xT1, 1xT1, and 1xT1). Each one of these connects to the pfSense box thru its own dedicated NIC. The 3xT1 is primary and the other two T1s are used for load balancing and failover.

          We are also using SQUID as a transparent proxy on pfsense.

          Maybe the combination of these would make the automatic outbound rules not work? Are there any special considerations I need to keep in mind when switching from automatic outbound NAT rule generation to manual, in light of the above setup?

          In the worst case, I might be able to dispense with either SQUID, or the load-balancing…

          Thanks for the help!  :)

            tlum

            Are there any special considerations I need to keep in mind when switching from automatic outbound NAT rule generation to manual

            Yea. You have to keep all the automatically generated rules else most of your traffic goes nowhere.

              kevpatt

              Well… I did keep the automatically generated rules... and my traffic seemed to go nowhere!

                dotdash

                The Multi-WAN doesn't make a difference, there are rules for each of your WANs. You just have to make sure the more specific rule comes before the default rule on each WAN. The SQUID may be a problem, I don't run it. If you can, try getting everything running without the SQUID. If it works as expected you can put SQUID back into the mix and see what happens.
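
Added example, not part of the thread or of pfSense itself: a small model of top-down, first-match outbound NAT evaluation that shows why the mail server's /32 rule has to sit above the default LAN rule on each WAN, with a check that flags rules an earlier rule makes unreachable. The interface names, addresses (RFC 1918 and documentation ranges) and the `NatRule`, `translate` and `shadowed` names are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class NatRule:
    interface: str    # WAN the rule is bound to
    source: str       # source network, CIDR
    translation: str  # public address the source is rewritten to


def translate(rules, interface, src_ip):
    """First matching rule on the interface wins; None means no rule, so no NAT."""
    addr = ip_address(src_ip)
    for rule in rules:
        if rule.interface == interface and addr in ip_network(rule.source):
            return rule.translation
    return None


def shadowed(rules):
    """Rules that never match: an earlier rule on the same WAN covers their source."""
    hidden = []
    for i, rule in enumerate(rules):
        net = ip_network(rule.source)
        if any(r.interface == rule.interface and net.subnet_of(ip_network(r.source))
               for r in rules[:i]):
            hidden.append(rule)
    return hidden


# Constructed sample values (RFC 1918 and documentation ranges), not from the thread.
LAN, MAIL = "192.168.1.0/24", "192.168.1.10/32"
DEFAULTS = [NatRule("wan", LAN, "203.0.113.2"), NatRule("opt1", LAN, "198.51.100.2")]
MAIL_RULES = [NatRule("wan", MAIL, "203.0.113.5"), NatRule("opt1", MAIL, "198.51.100.5")]

APPENDED = DEFAULTS + MAIL_RULES  # mail rules left below the default rules
ORDERED = MAIL_RULES + DEFAULTS   # specific rule ahead of the default on each WAN

if __name__ == "__main__":
    for name, rules in (("appended", APPENDED), ("ordered", ORDERED)):
        print(name, "mail via wan ->", translate(rules, "wan", "192.168.1.10"),
              "| shadowed rules:", len(shadowed(rules)))
```

With the rules appended, mail leaves from the main address and both mail rules are reported as shadowed; with the specific rules first, only the mail server uses the virtual IP and other LAN hosts keep the main address.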
