Multiple WAN and port forward



  • I need some help thinking this through. Probably easy as usual, but I just don't see it.

    I have a pfsense with WAN + LAN + UMTS. WAN and UMTS are in gw group (failover only) and outgoing traffic works fine when either gw is going down. The problem is incoming traffic, let's say port 25. I want port 25 to be forwarded to the same internal IP no matter which connection is being used at the time.

    For example: I've got a mail server on ip 192.168.0.254. Its FQDN is example.mail.com. Example.mail.com is CNAME for example.mooo.com (freedns). Freedns points to whatever pfsense tells it to (dynamic dns). But - whenever the failover passes over to UMTS, there simply are no port forwarding rules for this interface, as they all are on interface WAN.

    I can't add duplicate port forwarding rules for different interfaces, of course, so how do I make this happen?

    (History has proven time and time again for this customer that if WAN goes down, it's due to a cut cable which usually takes a few days to get fixed, hence there won't be any quick back and forth between the connections).



  • @Phatsta:

    I can't add duplicate port forwarding rules for different interfaces, of course, so how do I make this happen?

    Why can't you? Just copy the WAN forward and change the interface and destination.

    Side note, 3G WAN connections are not very reliable for things like incoming SMTP. The provider may not even forward smtp to you.



  • Why can't you? Just copy the WAN forward and change the interface and destination.

    Actually I tried that. What happens is the rule changes interface, that's all. Maybe I did something wrong, but I don't think so. I'll check it again to make sure.

    Side note, 3G WAN connections are not very reliable for things like incoming SMTP. The provider may not even forward smtp to you.

    I know, and the fact is this is a "if all else fails" kinda deal. Just to get the most important functions to at least limp on. It's sadly the reality for this customer that 3G is the only working failover because they're located on the countryside with very limited options. Also the most common reason for the primary connection going down is that the farmers actually plow too deep and cut the main cable in the process. It's happened 3 springs out of 7  ;D

    But I know for a fact that the ISP forwards all traffic over 3G, at least thus far.



  • @Phatsta:

    Actually I tried that. What happens is the rule changes interface, that's all. Maybe I did something wrong, but I don't think so. I'll check it again to make sure.

    Post the NAT and firewall rules. I do this all the time. Not with 3G specifically, but with different providers.