Routing traffic to a remote site



  • This may not be the best place for this question, I'm pretty sure it is some sort of routing issue, but it isn't exactly using the multiWan as this is talking about routing traffic between two different sites.

    I've been trying to get something to work for a little while and no joy from the mailing list.
    I have two separate pfSense installations, and I want to route traffic from one to a system behind the 2nd one. Our primary location has a limited number of IPs (5) and we need to host several SSL sites, so we need a unique IP for each one. I can get plenty of IPs at a remote location, and am trying to figure out some way to redirect connections from those IPs to ones at our main site.

    I can get it there just fine (over a GRE tunnel at the moment), but it doesn't look like it knows to reply back out of the remote firewall. (I tracked the packets as best I could using the packet filter.) I can set up additional IPs, or even a separate subnet dedicated to this traffic at the local site if necessary. I've already tried putting it on a dedicated IP and telling it (in a firewall rule) that traffic from that IP should use the remote end of the tunnel as its gateway. I have 3 pfSense boxes set up at the moment (4 if you count CARP failovers) but I'm a bit out of my depth at this level of networking voodoo. I'd be perfectly happy to get a support subscription if this is something that should be technically possible, I just don't have the money to spend on it and then be told it can't be done, as this is the only issue I really need assistance with at the moment.

    I'm not wedded to the idea of tunnels either, if I could get it to work, I'd be perfectly happy redirecting traffic (to port 443) from a public IP on firewall A to a public IP on firewall B.

    The frustrating thing is I've gotten both ways to work randomly (both just a simple NAT redirect from one public IP to another w/o any tunnels between firewalls, and NATing over the firewall). But it's very rare, maybe 1 time in 100, and I'm at a loss for why it would work sometimes but not others.
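The return-path problem the post describes (the DNATed request reaches the server behind the second firewall, but the reply leaves through that site's own default gateway instead of coming back through the tunnel, so the first firewall never sees it and the client gets a reply from the wrong address) is modelled below. This is an added illustration, not code from the post or from pfSense; the addresses, the interface names (`gre0`, `lan`, `isp-a`, `isp-b`) and the policy-route rule shape are all constructed for the example.

```python
"""Toy model of asymmetric return routing across two stateful firewalls.

Constructed example, not pfSense code. Addresses and interface names are assumptions.
"""
from dataclasses import dataclass, replace
import ipaddress

# Constructed addresses: clients connect to an extra public IP at site A, which is
# DNATed to a web server on site B's LAN, reached from A over a GRE tunnel.
CLIENT = "198.51.100.10"
A_PUBLIC = "203.0.113.5"     # public IP at site A that is DNATed to the server
B_SERVER = "10.20.0.50"      # HTTPS server behind site B's firewall


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class Router:
    """Minimal stateful router: DNAT table, longest-prefix routes, optional policy routes."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = [(ipaddress.ip_network(n), via) for n, via in routes]
        self.dnat = {}        # public dst -> internal dst
        self.states = {}      # reverse 4-tuple of a translated flow -> original public dst
        self.policy = []      # (src_ip, sport, next hop), consulted before the routing table
        self.next_hop = {}    # next hop name -> callable that delivers the packet

    def lookup(self, pkt):
        # Policy routes (pfSense "gateway" on a rule) win over the plain routing table.
        for src, sport, via in self.policy:
            if pkt.src == src and pkt.sport == sport:
                return via
        dst = ipaddress.ip_address(pkt.dst)
        best = max((r for r in self.routes if dst in r[0]), key=lambda r: r[0].prefixlen)
        return best[1]

    def forward(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.states:
            # Reply to a flow we DNATed earlier: restore the public source address.
            pkt = replace(pkt, src=self.states[key])
        elif pkt.dst in self.dnat:
            # New inbound flow hitting a DNAT rule: translate and remember the state.
            internal = self.dnat[pkt.dst]
            self.states[(internal, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
            pkt = replace(pkt, dst=internal)
        return self.next_hop[self.lookup(pkt)](pkt)


def simulate(policy_route_replies: bool) -> str:
    """Run one client request through both firewalls and report what the client sees."""

    def client_recv(pkt):
        # The client's TCP stack only matches replies coming from the address it connected to.
        if pkt.src == A_PUBLIC and pkt.dst == CLIENT:
            return "accepted"
        return f"dropped: reply arrived from {pkt.src}, client expected {A_PUBLIC}"

    fw_a = Router("fw-a", [("0.0.0.0/0", "isp-a"), ("10.20.0.0/24", "gre0")])
    fw_b = Router("fw-b", [("0.0.0.0/0", "isp-b"), ("10.20.0.0/24", "lan")])
    fw_a.dnat[A_PUBLIC] = B_SERVER
    if policy_route_replies:
        # The missing piece: replies from the server's port 443 must be sent back through
        # the tunnel so fw-a can undo the DNAT; otherwise fw-b's default route wins.
        fw_b.policy.append((B_SERVER, 443, "gre0"))

    def server(pkt):
        return fw_b.forward(Packet(src=B_SERVER, dst=pkt.src, sport=443, dport=pkt.sport))

    fw_a.next_hop = {"isp-a": client_recv, "gre0": fw_b.forward}
    # ISP B delivers straight to the client, bypassing fw-a entirely (in practice the ISP
    # may also drop the packet outright because its source is a private address).
    fw_b.next_hop = {"lan": server, "gre0": fw_a.forward, "isp-b": client_recv}
    return fw_a.forward(Packet(src=CLIENT, dst=A_PUBLIC, sport=40000, dport=443))


if __name__ == "__main__":
    print("without policy route:", simulate(False))
    print("with policy route:   ", simulate(True))
```

Running it shows the two outcomes side by side: without the policy route the reply is routed by destination only, exits site B's default gateway and reaches the client with the server's private address as its source, so it is discarded; with a source-and-port based policy route on the second firewall, the reply returns through the tunnel, the first firewall finds the matching state and restores the public address, and the client accepts it. The occasional successes mentioned in the post are consistent with a return path that only sometimes coincides with the forward path.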
