Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple WAN and port forward

    Scheduled Pinned Locked Moved NAT
    4 Posts 2 Posters 848 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Phatsta
      last edited by

      I need some help thinking this through. Probably easy as usual, but I just don't see it.

      I have a pfsense with WAN + LAN + UMTS. WAN and UMTS are in gw group (failover only) and outgoing traffic works fine when either gw is going down. The problem is incoming traffic, let's say port 25. I want port 25 to be forwarded to the same internal IP no matter which connection is being used at the time.

      For example: I've got a mail server on ip 192.168.0.254. It's FQDN is example.mail.com. Example.mail.com is CNAME for example.mooo.com (freedns). Freedns points to whatever pfsense tells it to (dynamic dns). But - whenever the failover passes over to UMTS, there simple is no port forwarding rules for this interface, as they all are on interface WAN.

      I can't add duplicate port forwarding rules for different interfaces, of course, so how do I make this happen?

      (History has proven time and time again for this customer that if WAN goes down, it's due to a cut cable which usually takes a few days to get fixed, hence there won't be any quick back and forth between the connections).

      1 Reply Last reply Reply Quote 0
      • dotdashD
        dotdash
        last edited by

        @Phatsta:

        I can't add duplicate port forwarding rules for different interfaces, of course, so how do I make this happen?

        Why can't you? Just copy the WAN forward and change the interface and destination.

        Side note, 3G WAN connections are not very reliable for things like incoming SMTP. The provider may not even forward smtp to you.

        1 Reply Last reply Reply Quote 0
        • P
          Phatsta
          last edited by

          Why can't you? Just copy the WAN forward and change the interface and destination.

          Actually I tried that. What happens is the rule changes interface, that's all. Maybe I did somthing wrong, but I don't think so. I'll check it again to make sure.

          Side note, 3G WAN connections are not very reliable for things like incoming SMTP. The provider may not even forward smtp to you.

          I know, and the fact is this is a "if all else fails" kinda deal. Just to get the most important functions to at least limp on. It's sadly the reality for this customer that 3G is the only working failover because they're located on the countryside with very limited options. Also the most common reason for the primary connection going down is that the farmers actually plow too deep and cut the main cable in the process. It's happened 3 springs out of 7  ;D

          But I know for a fact that the ISP forwards all traffic over 3G, at least thus far.

          1 Reply Last reply Reply Quote 0
          • dotdashD
            dotdash
            last edited by

            @Phatsta:

            Actually I tried that. What happens is the rule changes interface, that's all. Maybe I did somthing wrong, but I don't think so. I'll check it again to make sure.

            Post the NAT and firewall rules. I do this all the time. Not with 3G specifically, but with different providers.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.