    How to route traffic for 1 Virtual IP to a specific virtual interface

    Routing and Multi WAN
    10 Posts 3 Posters 6.4k Views

    TU1976

    Hi everybody,

    I have several public IPs from my ISP and I have several virtual interfaces on the LAN. Now I want to route all traffic for one of these public IPs to one of the virtual interfaces (each virtual interface has a different subnet).

    I am actually stuck on how to do this, although the question seems absolutely easy. Any help is really appreciated!

    I created a VIP; now I guess I need to create a firewall rule on the WAN interface? But what does this rule have to look like?
    Or is there a different way to do this?

    pfSense 2.0.1 is what I am using.

    Regards!
    TU

    Metu69salemi

    Manual Outbound NAT is your answer

    Supermule

    Explain why you would use outbound NAT for an inbound configuration?

    Metu69salemi

    I figured it this way: (s)he wants to use one public IP per VLAN for outbound connections. It might be that I didn't understand this problem so well after all.

    TU1976

    Hi everybody,

    thank you for your postings and sorry for not explaining better: it is needed for inbound connections.

    Regards
    TU

    Metu69salemi

    OK, try to make a drawing of your current and wanted topology, and can you explain in what kind of case you want this to happen?
    Do you want to have a server in a VLAN, or do you want to have one IP which is used by one VLAN no matter what size it is?

    TU1976

    Hi,

    right now I am interested in the 2nd case: how to use one of my public IPs for one specific internal network (running on a virtual interface) only.
    But I am also interested in how to create the first case: how to, for example, have one IP for one server only (either by using a kind of DMZ or exposing them completely).

    VLAN1 - (LAN-NIC) - (WAN-NIC) - Public IP 1
    VLAN2 - (LAN-NIC) - (WAN-NIC) - Public IP 2
    VLAN3-n /

    LAN-NIC is a physically available NIC, same for WAN-NIC; this means I have 2 NICs built into my server (I don't know how to display this in my little drawing above). On the LAN-NIC I run several virtual interfaces.
    So VLAN1 should be reachable only over public IP 1, the rest over public IP 2.
    I hope this explanation helps.

    Best regards
    TU

    Metu69salemi

    For inside-to-outside traffic: Manual Outbound NAT
    For outside-to-inside traffic: Port forward or 1:1 NAT
    Additional IPs on the WAN NIC: VIPs

    Edited: middle section

    TU1976

    OK, now one question:

    Imagine I have 2 public IPs and 2 NTP servers. Both are listening on port 123.
    NTP1 is showing the time for timezone 1, NTP2 is showing the time for timezone 2.

    Now if people want to reach NTP1 they should type IP1 into their NTP client to reach it, or if they want to reach NTP2 they need to type public IP2. But how do I set this up on the pfSense?
    Port forwarding and NAT will only allow me to forward port 123 to one server, or am I wrong? Or how do I need to set up port forwarding rules or NAT rules to listen on only one specific IP address? Do I need to set up some virtual WAN NICs to get this to work?

    Thank you VERY MUCH for your help up to here, I really appreciate it.

    TU

    Metu69salemi

    With a search you can find that your question has already been answered.
    But do you also want to send different traffic from these servers via these public IPs?

    If only this NTP traffic is what you want:

    1. Add as many VIPs as you have/need
    1.1 Go to: Firewall: Virtual IPs and press +
    Then add these values:

        Type: IP Alias
        Interface: WAN
        IP Address: your additional public IP with a /32 mask
        Description: whatever you want

    1.2 Apply changes after saving

    2. Add aliases
    2.1 Go to: Firewall: Aliases and press +
    Then add these values:

        Name: Server1 (or second round: Server2)
        Description: VLAN # NTP server (or whatever you like)
        Type: Host(s)
        IP: server internal IP
        Description: server name (or whatever you like)

    Now do it again for the other server, and after that:

        Name: PublicServer1 (or second round: PublicServer2)
        Description: whatever you like, but keep it descriptive
        Type: Host(s)
        IP: server outside IP
        Description: whatever you like

    So you end up with 4 host aliases: Server1, Server2, PublicServer1, PublicServer2

    2.2 Apply changes after saving

    3. Port forwards
    3.1 Go to: Firewall: NAT and press +
    Then add these values:

        Notice: if you find a field that is not mentioned here, leave it untouched.

        Interface: WAN
        Protocol: UDP
        Destination:
          Type: you can either select your WAN/VIP or "Single host or alias"
          Address: if you chose "Single host or alias", then type PublicServer1 (or PublicServer2)
        Destination port range: from: NTP to: NTP
        Redirect target IP: Server1 (or Server2)
        Redirect target port: NTP
        Description: whatever you like

    Now save and do it again for the second server

    3.2 Apply after saving changes

    Before the 4th step you need to decide whether you want any other traffic to also flow via this additional public IP,
    like all traffic from VLAN2 going via public IP1 and all traffic from VLAN3 going via public IP2.

    4. Manual Outbound NAT
    4.1 Go to: Firewall: NAT: Outbound
    4.2 Select Manual Outbound NAT and save
    4.3 Press + and after that add these values

        NOTICE: if you find a field that is not mentioned here, leave it as is.

        Interface: WAN
        Protocol: UDP (or, if any traffic from this VLAN, then any)
        Source:
          Type: Network
          Address: either Server1/Server2 (or your VLAN subnet); the subnet mask is /32 for a server and probably /24 for a VLAN
        Translation:
          Address: again you can choose WAN/VIP or a host alias (then choose PublicServer1/2)
        Description: whatever you like
        Save

    Repeat these for the other server

    4.4 Change the order of the mappings so that your server rules are above any other rules
    4.5 Save, apply changes

    5. Test that everything works
    5.1 Enjoy

    In case something doesn't work, read/search the forum before posting. The documentation might also help.

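    The recipe above (steps 1 to 4, together with the inbound/outbound split in the earlier summary post) comes down to two kinds of pf translation rules that pfSense generates from the GUI: rdr rules for the port forwards and nat rules for the manual outbound NAT, both evaluated top-down with the first matching rule winning. The following Python model is an added example, not code from the thread or from pfSense: it parses a constructed, simplified pf-style rule set and runs sample packets through it, including the misordered-rules case that step 4.4 warns about. All addresses are assumptions (RFC 5737 documentation ranges outside, RFC 1918 inside): 203.0.113.10 as the WAN address, 203.0.113.11 and .12 as the two IP-alias VIPs, 10.0.1.10 and 10.0.2.10 as the two NTP servers in VLAN1 and VLAN2, and "WAN" standing in for the real NIC name.

```python
"""Added example: model of the pf rdr/nat rules behind the pfSense recipe above.

Addresses are assumptions (RFC 5737 documentation ranges outside, RFC 1918 inside);
the rule text is a hand-written, simplified pf.conf subset, not pfSense output.
"""
import ipaddress
from dataclasses import dataclass, replace

# Constructed rule set. Interface "WAN" stands for the real NIC name (e.g. em0).
RULES_TEXT = """
rdr on WAN proto udp from any to 203.0.113.11 port 123 -> 10.0.1.10 port 123
rdr on WAN proto udp from any to 203.0.113.12 port 123 -> 10.0.2.10 port 123
nat on WAN proto udp from 10.0.1.10 to any -> 203.0.113.11
nat on WAN proto udp from 10.0.2.10 to any -> 203.0.113.12
nat on WAN from 10.0.1.0/24 to any -> 203.0.113.10
nat on WAN from 10.0.2.0/24 to any -> 203.0.113.10
"""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    kind: str      # "rdr" = port forward (inbound), "nat" = outbound source NAT
    iface: str
    proto: str     # "udp", "tcp" or "any"
    src: tuple     # (ip_network, port or None)
    dst: tuple
    target: tuple  # translation (ip_network, port or None)


def _net(s):
    return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s, strict=False)


def _addr_port(tok, i):
    """Parse '<addr> [port <n>]' starting at tok[i]; return ((net, port), next_i)."""
    net, i = _net(tok[i]), i + 1
    port = None
    if i < len(tok) and tok[i] == "port":
        port, i = int(tok[i + 1]), i + 2
    return (net, port), i


def parse_rule(line):
    tok = line.split()
    kind, iface, i = tok[0], tok[2], 3
    proto = "any"
    if tok[i] == "proto":
        proto, i = tok[i + 1], i + 2
    assert tok[i] == "from"
    src, i = _addr_port(tok, i + 1)
    assert tok[i] == "to"
    dst, i = _addr_port(tok, i + 1)
    assert tok[i] == "->"
    target, _ = _addr_port(tok, i + 1)
    return Rule(kind, iface, proto, src, dst, target)


def parse_rules(text):
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def _match(spec, addr, port):
    net, p = spec
    return ipaddress.ip_address(addr) in net and (p is None or p == port)


def apply_rules(pkt, rules, kind):
    """First matching rule of the given kind wins (pf translation semantics).

    Returns (translated packet, index of the matching rule) or (pkt, None).
    """
    for n, r in enumerate(rules):
        if r.kind != kind or (r.proto != "any" and r.proto != pkt.proto):
            continue
        if not (_match(r.src, pkt.src, pkt.sport) and _match(r.dst, pkt.dst, pkt.dport)):
            continue
        tgt_net, tgt_port = r.target
        addr = str(tgt_net.network_address)
        if kind == "rdr":  # inbound: rewrite destination (and port if given)
            return replace(pkt, dst=addr, dport=tgt_port or pkt.dport), n
        return replace(pkt, src=addr), n  # outbound: rewrite source
    return pkt, None


RULES = parse_rules(RULES_TEXT)


def misordered_rules():
    """The mistake step 4.4 warns about: the /24 catch-all rows above the server rows."""
    nat = [r for r in RULES if r.kind == "nat"]
    return [r for r in RULES if r.kind == "rdr"] + nat[2:] + nat[:2]


if __name__ == "__main__":
    client, ntp1, ntp2 = "198.51.100.7", "203.0.113.11", "203.0.113.12"
    for p in (Packet("udp", client, 40000, ntp1, 123),
              Packet("udp", client, 40000, ntp2, 123),
              Packet("udp", client, 40000, ntp1, 53)):
        print("in ", p.dst, p.dport, "->", apply_rules(p, RULES, "rdr"))
    for p in (Packet("udp", "10.0.1.10", 123, client, 40000),
              Packet("tcp", "10.0.1.10", 5555, client, 80),
              Packet("tcp", "10.0.2.77", 5555, client, 80)):
        print("out", p.proto, p.src, "->", apply_rules(p, RULES, "nat")[0].src,
              "| misordered:", apply_rules(p, misordered_rules(), "nat")[0].src)
```

    Run it as a script to see the inbound and outbound mappings side by side. Two things the model makes visible: a port forward is keyed on the destination VIP, so two servers on the same port need only two rdr rows with different destinations, which answers the "can port 123 only go to one server" question; and the outbound rows are evaluated top-down with the first match winning, which is why step 4.4 moves the per-server rows above the VLAN-wide catch-all (with the order swapped, the server's replies leave from the shared WAN address instead of its own VIP). The model covers translation only: in pfSense a port forward still needs a matching WAN pass rule (created by the default filter rule association) before any traffic is admitted, and the 1:1 NAT alternative from the summary post is a single binat rule per host rather than an rdr/nat pair. Since the forwarded service is UDP on a public address, restrict what the NTP daemons answer to the Internet (time queries only, no monitor or control queries) so the VIPs do not become amplification sources.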
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.