Netgate Discussion Forum

Use Virtual IP for Outbound

  • K
    kevpatt
    last edited by Apr 20, 2012, 3:14 PM

    Hi All,

    We have a private network that is NAT routed through pfSense. Our WAN interface has 5 usable IP addresses. I already have NAT working fine and a good ruleset for general use. But we also have a mail server for our domain, inside our network. I REALLY need to have this mail server sending mail from a different public IP address. I already have incoming mail traffic (port 25) on the mail server's address forwarding to our mail server, but when the mail server sends mail out, it always originates from the "main" public IP that we use for everything else. I need outgoing mail from our server to "originate" from a different public IP, one of the "virtual IPs" set up in pfSense and part of our public block.

    Is there a way to do this? Any ideas?

    • D
      dotdash
      last edited by Apr 20, 2012, 5:50 PM

      Advanced Outbound NAT. Create a rule with the server's IP/32 as the source and the VIP as the translation. Move this before the default outbound rule.

      • K
        kevpatt
        last edited by Apr 23, 2012, 9:54 PM

        I did play around with that briefly. Whenever I had "Manual Outbound NAT rule generation / (AON - Advanced Outbound NAT)" selected, I could not get the web to work at all.

        FWIW, we have multi-wan (3xT1, 1xT1, and 1xT1). Each one of these connects to the pfSense box through its own dedicated NIC. The 3xT1 is primary and the other two T1s are used for load balancing and failover.

        We are also using SQUID as a transparent proxy on pfSense.

        Maybe the combination of these would make the automatic outbound rules not work? Are there any special considerations I need to keep in mind when switching from automatic outbound NAT rule generation to manual, in light of the above setup?

        In the worst case, I might be able to dispense with either SQUID, or the load-balancing…

        Thanks for the help!  :)

        • T
          tlum
          last edited by Apr 24, 2012, 2:01 AM

          Are there any special considerations I need to keep in mind when switching from automatic outbound NAT rule generation to manual

          Yea. You have to keep all the automatically generated rules else most of your traffic goes nowhere.

          • K
            kevpatt
            last edited by Apr 24, 2012, 2:51 PM

            Well… I did keep the automatically generated rules... and my traffic seemed to go nowhere!

            • D
              dotdash
              last edited by Apr 24, 2012, 3:07 PM

              The Multi-WAN doesn't make a difference; there are rules for each of your WANs. You just have to make sure the more specific rule comes before the default rule on each WAN. The SQUID may be a problem; I don't run it. If you can, try getting everything running without the SQUID. If it works as expected, you can put SQUID back into the mix and see what happens.

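Added example, not part of the thread and not pfSense code: a small first-match model of the outbound NAT ordering discussed above, with a check that flags a specific rule placed after a broader rule on the same WAN. The rule layout, interface names and all addresses (RFC 1918 and RFC 5737 ranges) are assumptions made for the illustration.

```python
# Added illustration: a first-match model of outbound NAT rule evaluation.
# The rule layout is an assumption for this example, not pfSense's config format.
# All addresses are constructed (RFC 1918 and RFC 5737 documentation ranges).
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class NatRule(NamedTuple):
    iface: str   # WAN interface the rule is bound to
    source: str  # source network, CIDR
    target: str  # public address the source is rewritten to


def translate(rules: list, iface: str, src: str) -> Optional[str]:
    """Return the target of the first rule matching iface and src."""
    for rule in rules:
        if rule.iface == iface and ip_address(src) in ip_network(rule.source):
            return rule.target
    return None  # no matching rule: the packet is not translated at all


def shadowed(rules: list) -> list:
    """Rules that can never match: an earlier rule on the same interface
    already covers their entire source network."""
    dead = []
    for i, rule in enumerate(rules):
        net = ip_network(rule.source)
        if any(e.iface == rule.iface and net.subnet_of(ip_network(e.source))
               for e in rules[:i]):
            dead.append(rule)
    return dead


MAIL = "192.168.1.10"                      # constructed mail server address
DEFAULTS = [NatRule("WAN1", "192.168.1.0/24", "203.0.113.2"),
            NatRule("WAN2", "192.168.1.0/24", "198.51.100.2")]
MAIL_RULE = NatRule("WAN1", MAIL + "/32", "203.0.113.5")  # constructed VIP

wrong_order = DEFAULTS + [MAIL_RULE]       # specific rule after the default
right_order = [MAIL_RULE] + DEFAULTS       # specific rule first

if __name__ == "__main__":
    for name, rules in (("wrong", wrong_order), ("right", right_order)):
        print(name, translate(rules, "WAN1", MAIL), shadowed(rules))
```

In this model the mail rule exists only on WAN1, so mail leaving through WAN2 still takes that WAN's default translation; a manual rule set with no default rules returns `None` for every other LAN host.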