VIP how to? [resolved] –> can't do http to https.



  • Hi Guys…

    I'm probably n need of a vacation so please forgive if this is stupid..

    I'm trying to configure VIP address so that I can NAT email service...

    We have /29 addresses.

    So, when I use one of those public IP for VIP - IP Alias would I use x.x.x.x/29 or would it be x.x.x.x/32.

    I'm asking because I configure IP Alias using /29 and when I try to access the email address from LAN, I end up on pfsense "possible DNS rebind attack detected" page.

    Now, I should mention that I created a NAT rule that accepts connection from any to IP Alias HTTP, then forwards to HTTPS LAN IP.

    Can't I use the same ports that Pfsense is using...http or https?

    I enter the actual VIP Address and I get connection reset error

    Pictures attached.

    Any clarification or pointers I can get would be appreciated...

    thanks, Jits



    ![NAT Rule.gif](/public/imported_attachments/1/NAT Rule.gif)
    ![NAT Rule.gif_thumb](/public/imported_attachments/1/NAT Rule.gif_thumb)


    ![IP Fail.gif](/public/imported_attachments/1/IP Fail.gif)
    ![IP Fail.gif_thumb](/public/imported_attachments/1/IP Fail.gif_thumb)



  • Okay..

    VIP ok.

    NAT rule, not okay….

    Http redirect to Https is OHN!  (Oh hell no!)

    Rules changed to reflect HTTPS on VIP and to HTTPS on LAN IP  ...  Works now on both LAN and connecting from outside.

    Jits.


Log in to reply