4. VIP how to? [resolved] –> can't do http to https.

VIP how to? [resolved] –> can't do http to https.

  • J

    Hi Guys…

    I'm probably n need of a vacation so please forgive if this is stupid..

    I'm trying to configure VIP address so that I can NAT email service...

    We have /29 addresses.

    So, when I use one of those public IP for VIP - IP Alias would I use x.x.x.x/29 or would it be x.x.x.x/32.

    I'm asking because I configure IP Alias using /29 and when I try to access the email address from LAN, I end up on pfsense "possible DNS rebind attack detected" page.

    Now, I should mention that I created a NAT rule that accepts connection from any to IP Alias HTTP, then forwards to HTTPS LAN IP.

    Can't I use the same ports that Pfsense is using...http or https?

    I enter the actual VIP Address and I get connection reset error

    Pictures attached.

    Any clarification or pointers I can get would be appreciated...

    thanks, Jits



    ![NAT Rule.gif](/public/imported_attachments/1/NAT Rule.gif)
    ![NAT Rule.gif_thumb](/public/imported_attachments/1/NAT Rule.gif_thumb)


    ![IP Fail.gif](/public/imported_attachments/1/IP Fail.gif)
    ![IP Fail.gif_thumb](/public/imported_attachments/1/IP Fail.gif_thumb)

    0
  • J

    Okay..

    VIP ok.

    NAT rule, not okay….

    Http redirect to Https is OHN!  (Oh hell no!)

    Rules changed to reflect HTTPS on VIP and to HTTPS on LAN IP  ...  Works now on both LAN and connecting from outside.

    Jits.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy