Netgate Discussion Forum

    Push Specific Traffic Through Other IP

      firebox

      I have use of 3 IPs and I would like to know if or how I can add a second IP to my pfSense and then push certain traffic, let's say all 80 and 443 traffic, through the new IP so if you checked your IP it would show that IP and not the first IP.

        KOM

        Set up your IP addresses as additional WANs, then use policy routing via firewall rules to redirect whatever traffic you want through the specified gateway.

          Derelict LAYER 8 Netgate

          Or add the IP addresses as VIPs and use outbound NAT to choose which IP address is used.

          You didn't really give us enough information. What are the IP addresses, netmasks, and gateways given to you for WAN?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            firebox

            @KOM:

            Set up your IP addresses as additional WANs, then use policy routing via firewall rules to redirect whatever traffic you want through the specified gateway.

            Sounds easy enough, I will give that a go, thank you very much. I was going along this line of thinking but was not sure if that was the way to go.

              firebox

              Added the new IP as a Virtual IP, having a little trouble finding the place to tell my system to choose that for any 443 traffic so I can test if the new IP shows up on whatismyip.com.

              Tried outbound NAT and original IP still shows when accessing whatismyip.com which uses HTTPS now and I chose that port.

                Derelict LAYER 8 Netgate

                Post what you actually tried in outbound NAT and what you did to add the VIP.

                  firebox

                  Still a little stuck. Here is the info you asked for.

                  [Attached screenshots: Outbound.PNG, Virtual IP 2.PNG]

                    firebox

                    I think I may have got it but still would like your input.

                    Odd thing happening is that ipchicken or whatismyip show my original IP while Google and others show my new IP…

                      Derelict LAYER 8 Netgate

                      Why are you setting source ports? Source ports are generally random.

                      Set the source addresses of the hosts you want to receive special treatment, leave the source ports as any.
                      Set the destination address to any with the destination ports 80 and 443.
                      Set the NAT address to the address you want the source addresses mapped to on the way out of WAN.
                      Leave the NAT port any.

                      And this is OUTBOUND NAT. All your interfaces should probably be WAN. These rules dictate what happens when traffic goes OUT the chosen interface. There are times when NAT out LAN makes sense but I doubt it's what you're after.

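The outbound NAT advice in the post above, modelled as an added example (not code from the thread or from pfSense): a first-match rule evaluator showing why a rule keyed on source port never matches a client's ephemeral port, while the same rule keyed on destination port does. The addresses, the port numbers in the broken rule, and the `NatRule`, `translate` and `egress_ip` names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values from documentation ranges, not taken from the thread.
LAN = "192.168.1.0/24"
WAN_PRIMARY = "203.0.113.10"   # address on the WAN interface
WAN_VIP = "203.0.113.11"       # second address, added as a Virtual IP


@dataclass
class NatRule:
    interface: str                    # interface the traffic leaves through
    source: str                       # source network (CIDR)
    nat_address: str                  # address the source is mapped to
    src_ports: Optional[set] = None   # None means "any"
    dst_ports: Optional[set] = None   # None means "any"

    def matches(self, iface, src_ip, src_port, dst_port):
        return (iface == self.interface
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
                and (self.src_ports is None or src_port in self.src_ports)
                and (self.dst_ports is None or dst_port in self.dst_ports))


def translate(rules, iface, src_ip, src_port, dst_port):
    """Return the NAT address of the first matching rule (top down)."""
    for rule in rules:
        if rule.matches(iface, src_ip, src_port, dst_port):
            return rule.nat_address
    return None  # nothing matched: the flow is not translated


DEFAULT = NatRule("WAN", LAN, WAN_PRIMARY)  # catch-all rule, kept last

# Rule that constrains the SOURCE port (the mistake questioned above).
BROKEN = [NatRule("WAN", LAN, WAN_VIP, src_ports={80, 443}), DEFAULT]
# Rule per the advice: source port any, DESTINATION ports 80 and 443.
FIXED = [NatRule("WAN", LAN, WAN_VIP, dst_ports={80, 443}), DEFAULT]


def egress_ip(rules, dst_port, src_port=51514):
    """Address a LAN host using an ephemeral source port leaves WAN as."""
    return translate(rules, "WAN", "192.168.1.50", src_port, dst_port)


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for port in (443, 80, 25):
            print(f"{name:6} dst port {port:>3} -> {egress_ip(rules, port)}")
```
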
                        firebox

                        @Derelict:

                        Why are you setting source ports? Source ports are generally random.

                        Set the source addresses of the hosts you want to receive special treatment, leave the source ports as any.
                        Set the destination address to any with the destination ports 80 and 443.
                        Set the NAT address to the address you want the source addresses mapped to on the way out of WAN.
                        Leave the NAT port any.

                        And this is OUTBOUND NAT. All your interfaces should probably be WAN. These rules dictate what happens when traffic goes OUT the chosen interface. There are times when NAT out LAN makes sense but I doubt it's what you're after.

                        I see what you mean. I will fix what's in the screenshot, as I would like any host on LAN using HTTP or HTTPS to push out through the new IP. I later added that I also wanted 21 and 22 as well on the new IP, but I get where you are going and will try that shortly.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.