LAN side internal load-balance. Help!
-
I have a problem that seems like it should be easy to do, but pfSense hates me.
I have several SMTP servers. I would like to be able to load balance them when one of our LAN servers sends emails. I do not need nor want it accessible from the WAN.
For example,
LAN interface: 172.24.0.1/16
Load Balance IP: 172.24.200.254
Pool IPs: 172.24.200.1-4
Yes, they are all in the same subnet.
If I telnet (port 25) directly to the SMTP servers (e.g. 172.24.200.1) I can connect fine. If I try the same with 172.24.200.254, nada.
I have seen information saying that I need to do NAT Reflection or something, but I can't figure out where, how, or what to add.
Please help.
-
romp,
pfSense does not hate you, it's just doing what you configured :)
See what is happening:
Workstation 172.24.150.20 asks 172.24.200.254 for an SMTP connection.
172.24.200.254 forwards this request to pool member 172.24.200.1.
172.24.200.1 accepts the request and answers OK to 172.24.150.20.
172.24.150.20 rejects the message, as it asked 172.24.200.254 for a connection.
Forcing the source IP to 172.24.200.254 while talking to 172.24.200.1-4 using an outbound NAT rule will fix this communication issue.
You may need to change outbound NAT to manual before applying the rule.
Regards,
Marcello Coutinho
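
The packet flow described in the reply above, as a small Python model added here (not part of the original thread and not pfSense code). The addresses are the ones from the thread; the client source port 40000 and the round-robin pool choice are assumptions.

```python
from dataclasses import dataclass

CLIENT, VIP = "172.24.150.20", "172.24.200.254"
POOL = ["172.24.200.1", "172.24.200.2", "172.24.200.3", "172.24.200.4"]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Toy balancer: rewrites the destination, optionally the source too."""
    def __init__(self, snat):
        self.snat = snat
        self.states = {}  # (server, translated src, sport) -> original packet
        self.turn = 0

    def forward(self, pkt):
        server = POOL[self.turn % len(POOL)]  # assumed round-robin
        self.turn += 1
        src = VIP if self.snat else pkt.src   # the outbound NAT rule
        self.states[(server, src, pkt.sport)] = pkt
        return Packet(src, pkt.sport, server, pkt.dport)

    def reverse(self, reply):
        # Undo both translations using the state created by forward().
        orig = self.states[(reply.src, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def client_accepts(syn, reply):
    # A TCP client only matches a reply that mirrors the 4-tuple it sent.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (syn.dst, syn.dport, syn.src, syn.sport)

def connect(snat):
    fw = Firewall(snat)
    syn = Packet(CLIENT, 40000, VIP, 25)      # constructed sample connection
    seen = fw.forward(syn)
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)  # server answers
    # Same subnet: a reply addressed to the client goes straight to it and
    # never passes the firewall. Only a reply addressed to the VIP returns.
    if reply.dst == VIP:
        reply = fw.reverse(reply)
    return reply, client_accepts(syn, reply)

if __name__ == "__main__":
    for snat in (False, True):
        print("outbound NAT:", snat, "->", connect(snat))
```

With the source rewritten, the SMTP servers see every connection as coming from 172.24.200.254, so their logs and any per-client relay rules no longer show the real sending host.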