    Public IPs from inside and outbound load balancing

    Routing and Multi WAN
    dminstrel

      Hello,

      I'm using 1.2 and configured two connections (a DSL and a T1) in outbound load-balancing according to the documentation. It's working great so far. My issue is that I have servers in my LAN and DMZ mapped to each connection's public IP. The servers host both a webserver and custom software that uses high (>5000) ports for communication. I've configured NAT and firewall rules and accessing each server from outside works fine.

      *** LAN ***                              *** DMZ ***

      Server A ------|                         ------ D-Link router ---- ADSL -------|
                     |                         | WAN                                 |
                  Switch ------ pfSense -------|                              INTERNET
                                               | OPT                                 |
                                               ------ Switch ----- T1 ---------------|
                                                       |   |
                                                       |   |
                        Server B --- D-Link router ----|   |
                                                           |
                                                     D-Link router
                                                           |
                                                       Server C

      The D-Link router is there because the ADSL uses PPPoE. So the ADSL DMZ uses a private IP block different from the internal LAN. The router has been configured to forward the necessary ports to the pfSense. On the T1 side, we have a /29 mask, so we have a different public IP that goes to the pfSense, Server B and C.

      My problem is that the servers need to communicate with each other using their public IP address. I've searched the forums and didn't find a case similar to mine. Server A (mapped to the ADSL) sees Server B and C just fine using their public address. The reverse, however, does not work. Servers B and C are unable to communicate with Server A using Server A's public IP == ADSL public IP.

      The plan is to move Server B inside the LAN, which would give it the OPT public IP. However I need to keep Server C outside the LAN in the T1 DMZ. I need to be able to access each server from inside the LAN so filtered bridge would not be a solution? Anything else I can try?

      Thanks and best regards,

      Jonathan

      GruensFroeschli

        What are the default gateways of your servers B and C?
        I assume they have as gateway the OPT interface of pfSense, right?
        Now the public IP on the pfSense WAN is actually on the Dlink router in front of it.

        The immediate solution I see is:
        You set the Dlink router in front of pfSense into bridging mode and let pfSense handle the PPPoE authentication.
        Like this you will get the public IP of the WAN directly on pfSense.
        Then all you need to do is enable NAT reflection and it should work. (At least for port-ranges <500 (this doesn't mean you cannot have ports >500)).

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

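What the "enable NAT reflection" step in the reply above amounts to, written as raw pf rules for the topology in the first post, as an added example that is not part of the thread and not the ruleset pfSense 1.2 itself generates (its reflection mechanism at the time worked differently, which is where the port-range limit the reply mentions comes from). It assumes the D-Link has been put into bridge mode so pfSense holds the PPPoE session and the ADSL public IP is a local address; the interface names (pppoe0, em0, em1), the addresses (203.0.113.10, 192.168.1.10) and the port list are made up for the example.

```pf
# Assumed names and addresses (example values, not the thread's real ones):
ext_if    = "pppoe0"          # pfSense now terminates PPPoE, so the ADSL public IP is local
lan_if    = "em0"             # LAN segment holding Server A
opt_if    = "em1"             # OPT segment: the T1 /29 with Servers B and C
wan_ip    = "203.0.113.10"    # ADSL public IP (documentation range standing in for the real one)
server_a  = "192.168.1.10"    # Server A's private address on the LAN
app_ports = "{ 80, 5000:5100 }"   # web server plus the high-port custom protocol (assumed range)

# Inbound from the internet: the ordinary port forward to Server A.
rdr pass on $ext_if proto tcp from any to $wan_ip port $app_ports -> $server_a

# Reflection for the DMZ: Servers B and C send packets for the public IP to their
# gateway (pfSense OPT). Redirect them here, before pfSense routes them out the WAN.
# Replies from Server A return via its own gateway (pfSense), so no source NAT is needed.
rdr pass on $opt_if proto tcp from $opt_if:network to $wan_ip port $app_ports -> $server_a

# Reflection for hosts on Server A's own subnet: the redirect alone is not enough,
# because Server A would answer the client directly on the LAN and the reply would
# bypass the state pfSense created. Source-NAT those sessions to the LAN address so
# both directions pass through pfSense.
rdr pass on $lan_if proto tcp from $lan_if:network to $wan_ip port $app_ports -> $server_a
nat on $lan_if proto tcp from $lan_if:network to $server_a port $app_ports -> ($lan_if)
```

Add matching `proto udp` lines if the custom protocol uses UDP. Check the syntax with `pfctl -nf` before loading, and watch `pfctl -ss` from Server B while connecting to the public IP: a state on em1 whose destination has been rewritten to 192.168.1.10 confirms the reflection rule matched. None of this helps while the D-Link still holds the PPPoE session, because the public IP is then not an address pfSense owns and the hairpin would have to happen inside the D-Link.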
          dminstrel

          Hi,

          thanks for the answer. However, from what I understand, outbound load-balancing will not work if the WAN interface uses PPPoE directly? I've tried on 1.2 and I'm unable to add a PPPoE link to the pool. Unless this is fixed in 1.3?

          Thanks and best regards,

          Jonathan

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.