Netgate Discussion Forum

    Scenario question

    Traffic Shaping
    • apogee7

      I wasn't sure where to put this since accomplishing this would seem to require more than one area.  Nevertheless, my goal is to achieve a viable traffic shaping scenario, so I'm posting here.

      Here's what we currently have.

      A switch connected to our main T1 line.  This switch then connects to:

      • three servers with their own public IP addresses.
      • pfSense with its own WAN public IP, which supplies our LAN and forwards a few ports to a specific machine inside the LAN.

      So, we have 4 public IPs, one for pfSense, and three for servers outside pfSense.

      The problem with this is that Traffic Shaping can't work, since the three servers are outside and upload/download rates inside the LAN depend on the load of these servers.

      Unfortunately, I know just about enough about routing, etc., to be dangerous, so I'm hoping some of the veterans here can help me out.

      What I want to accomplish is this:

      The three servers live behind the firewall on a single port with a switch on it.  Using some technique my noob brain doesn't know about (static routes?), pfSense routes packets intended for the three servers to the three servers in the DMZ?  How can I get all four IPs to be routed on the single pfSense port, one to the LAN and three to the proper servers in the DMZ?  Ah, this is all a bit too weird for me to grok.

      Thanks very much for your help.

      –Steven

      • GruensFroeschli

        You set up VIPs (Virtual IPs)

        Check out "Firewall" –> "Virtual IPs"
        Imho best is if you just use CARP-type VIPs even if you don't use the CARP functionalities.

        I assume you have a firewall-computer with 2 ports:
        WAN and LAN.

        Now just create 3 VIPs (plus the "real" IP on the interface itself) and create a 1:1 NAT for every server if you need it, or just forward the ports you need to your Servers.

        Like this your Servers and Clients are within the same subnet. Is this what you want?
        Or do you have 3 Interfaces and on one all your servers?
        Then the Traffic Shaper is of no use since it (currently) only runs between 2 Interfaces.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
