Netgate Discussion Forum

Multiple WAN and port forward

NAT
4 Posts 2 Posters 842 Views
  • P
    Phatsta
    last edited by May 20, 2015, 7:28 PM

    I need some help thinking this through. Probably easy as usual, but I just don't see it.

    I have a pfsense with WAN + LAN + UMTS. WAN and UMTS are in gw group (failover only) and outgoing traffic works fine when either gw is going down. The problem is incoming traffic, let's say port 25. I want port 25 to be forwarded to the same internal IP no matter which connection is being used at the time.

    For example: I've got a mail server on ip 192.168.0.254. Its FQDN is example.mail.com. Example.mail.com is CNAME for example.mooo.com (freedns). Freedns points to whatever pfsense tells it to (dynamic dns). But - whenever the failover passes over to UMTS, there simply are no port forwarding rules for this interface, as they all are on interface WAN.

    I can't add duplicate port forwarding rules for different interfaces, of course, so how do I make this happen?

    (History has proven time and time again for this customer that if WAN goes down, it's due to a cut cable which usually takes a few days to get fixed, hence there won't be any quick back and forth between the connections).

    • D
      dotdash
      last edited by May 20, 2015, 7:56 PM

      @Phatsta:

      I can't add duplicate port forwarding rules for different interfaces, of course, so how do I make this happen?

      Why can't you? Just copy the WAN forward and change the interface and destination.

      Side note, 3G WAN connections are not very reliable for things like incoming SMTP. The provider may not even forward smtp to you.

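A way to check the point in the reply above (every forward on WAN needs a copy on the failover interface), as an added example that is not part of the original posts and not pfSense's own code. The `config.xml` layout shown, the sample rules and the use of `opt1` for the UMTS interface are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a pfSense config.xml export (assumed
# layout: <nat><rule> with interface/protocol/destination/target/local-port).
# "opt1" standing for the UMTS interface is an assumption.
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>25</port></destination>
      <target>192.168.0.254</target><local-port>25</local-port>
    </rule>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.0.254</target><local-port>443</local-port>
    </rule>
    <rule>
      <interface>opt1</interface><protocol>tcp</protocol>
      <destination><network>opt1ip</network><port>443</port></destination>
      <target>192.168.0.254</target><local-port>443</local-port>
    </rule>
  </nat>
</pfsense>"""

def forwards_by_interface(config_xml):
    """Map interface -> set of (protocol, external port, target, local port)."""
    result = {}
    for rule in ET.fromstring(config_xml).findall("./nat/rule"):
        if rule.find("disabled") is not None:
            continue  # a disabled forward does not carry traffic
        # The destination address is left out of the key on purpose: it
        # differs per interface (the copy changes interface and destination).
        key = (rule.findtext("protocol", ""), rule.findtext("destination/port", ""),
               rule.findtext("target", ""), rule.findtext("local-port", ""))
        result.setdefault(rule.findtext("interface", ""), set()).add(key)
    return result

def missing_on_failover(config_xml, primary="wan", failover="opt1"):
    """Forwards on the primary WAN with no counterpart on the failover WAN."""
    fwd = forwards_by_interface(config_xml)
    return sorted(fwd.get(primary, set()) - fwd.get(failover, set()))

if __name__ == "__main__":
    for proto, port, target, lport in missing_on_failover(SAMPLE_CONFIG):
        print(f"no {proto}/{port} -> {target}:{lport} forward on failover interface")
```

This compares NAT entries only; the firewall rules on each interface need the same side-by-side comparison.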
      • P
        Phatsta
        last edited by May 21, 2015, 9:55 AM

        @dotdash:

        Why can't you? Just copy the WAN forward and change the interface and destination.

        Actually I tried that. What happens is the rule changes interface, that's all. Maybe I did something wrong, but I don't think so. I'll check it again to make sure.

        @dotdash:

        Side note, 3G WAN connections are not very reliable for things like incoming SMTP. The provider may not even forward smtp to you.

        I know, and the fact is this is an "if all else fails" kinda deal. Just to get the most important functions to at least limp on. It's sadly the reality for this customer that 3G is the only working failover because they're located in the countryside with very limited options. Also the most common reason for the primary connection going down is that the farmers actually plow too deep and cut the main cable in the process. It's happened 3 springs out of 7 ;D

        But I know for a fact that the ISP forwards all traffic over 3G, at least thus far.

        • D
          dotdash
          last edited by May 21, 2015, 2:37 PM

          @Phatsta:

          Actually I tried that. What happens is the rule changes interface, that's all. Maybe I did something wrong, but I don't think so. I'll check it again to make sure.

          Post the NAT and firewall rules. I do this all the time. Not with 3G specifically, but with different providers.
