Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VIP how to? [resolved] –> can't do http to https.

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    2 Posts 1 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jits
      last edited by

      Hi Guys…

      I'm probably n need of a vacation so please forgive if this is stupid..

      I'm trying to configure VIP address so that I can NAT email service...

      We have /29 addresses.

      So, when I use one of those public IP for VIP - IP Alias would I use x.x.x.x/29 or would it be x.x.x.x/32.

      I'm asking because I configure IP Alias using /29 and when I try to access the email address from LAN, I end up on pfsense "possible DNS rebind attack detected" page.

      Now, I should mention that I created a NAT rule that accepts connection from any to IP Alias HTTP, then forwards to HTTPS LAN IP.

      Can't I use the same ports that Pfsense is using...http or https?

      I enter the actual VIP Address and I get connection reset error

      Pictures attached.

      Any clarification or pointers I can get would be appreciated...

      thanks, Jits

      VIP-Alias.gif
      VIP-Alias.gif_thumb
      ![NAT Rule.gif](/public/imported_attachments/1/NAT Rule.gif)
      ![NAT Rule.gif_thumb](/public/imported_attachments/1/NAT Rule.gif_thumb)
      response.gif
      response.gif_thumb
      ![IP Fail.gif](/public/imported_attachments/1/IP Fail.gif)
      ![IP Fail.gif_thumb](/public/imported_attachments/1/IP Fail.gif_thumb)

      1 Reply Last reply Reply Quote 0
      • J
        jits
        last edited by

        Okay..

        VIP ok.

        NAT rule, not okay….

        Http redirect to Https is OHN!  (Oh hell no!)

        Rules changed to reflect HTTPS on VIP and to HTTPS on LAN IP  ...  Works now on both LAN and connecting from outside.

        Jits.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.