Push Specific Traffic Through Other IP



  • I have use of 3 IPs and I would like to know if or how I can add a second IP to my pfSense and then push certain traffic, let's say all 80 and 443 traffic, through the new IP, so if you checked your IP it would show that IP and not the first IP.



  • Set up your IP addresses as additional WANs, then use policy routing via firewall rules to redirect whatever traffic you want through the specified gateway.


  • Netgate

    Or add the IP addresses as VIPs and use outbound NAT to choose which IP address is used.

    You didn't really give us enough information. What are the IP addresses, netmasks, and gateways given to you for WAN?



  • @KOM:

    Set up your IP addresses as additional WANs, then use policy routing via firewall rules to redirect whatever traffic you want through the specified gateway.

    Sounds easy enough, I will give that a go. Thank you very much. I was going along this line of thinking but was not sure if that was the way to go.



  • Added the new IP as a Virtual IP, having a little trouble finding the place to tell my system to choose that for any 443 traffic so I can test if the new IP shows up on whatismyip.com.

    Tried outbound NAT and the original IP still shows when accessing whatismyip.com, which uses HTTPS now, and I chose that port.


  • Netgate

    Post what you actually tried in outbound NAT and what you did to add the VIP.



  • Still a little stuck. Here is the info you asked for.



    ![Virtual IP 2.PNG](/public/imported_attachments/1/Virtual IP 2.PNG)



  • I think I may have got it, but I would still like your input.

    The odd thing happening is that ipchicken or whatismyip show my original IP while Google and others show my new IP….


  • Netgate

    Why are you setting source ports? Source ports are generally random.

    Set the source addresses of the hosts you want to receive special treatment, leave the source ports as any.
    Set the destination address to any with the destination ports 80 and 443.
    Set the NAT address to the address you want the source addresses mapped to on the way out of WAN.
    Leave the NAT port any.

    And this is OUTBOUND NAT. All your interfaces should probably be WAN. These rules dictate what happens when traffic goes OUT the chosen interface. There are times when NAT out LAN makes sense but I doubt it's what you're after.
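
The rule layout from the reply above, as an added example that is not part of the thread and not pfSense code: a small Python model of first-match outbound NAT evaluation, showing why a rule keyed on source ports 80/443 never matches web traffic while one keyed on destination ports does. The addresses, the `NatRule` class and `egress_address` are constructed for illustration, and first-match ordering is an assumption of the model.

```python
"""Toy model of first-match outbound NAT rule evaluation (not pfSense code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addresses (documentation and private ranges).
WAN_ADDR = "198.51.100.10"   # interface address used by the catch-all rule
VIP_ADDR = "198.51.100.11"   # additional address added as a virtual IP
LAN_NET = "192.168.1.0/24"

@dataclass(frozen=True)
class NatRule:
    source: str                      # source network in CIDR form
    src_ports: Optional[frozenset]   # None means "any"
    dst_ports: Optional[frozenset]   # None means "any"
    nat_addr: str                    # address the source is translated to

    def matches(self, src, sport, dport):
        return (ip_address(src) in ip_network(self.source)
                and (self.src_ports is None or sport in self.src_ports)
                and (self.dst_ports is None or dport in self.dst_ports))

def egress_address(rules, src, sport, dport):
    """Return the translated source address; the first matching rule wins."""
    for rule in rules:
        if rule.matches(src, sport, dport):
            return rule.nat_addr
    return None  # no rule matched: the model leaves the flow untranslated

WEB = frozenset({80, 443})
DEFAULT = NatRule(LAN_NET, None, None, WAN_ADDR)

# Misconfigured: 80/443 entered as *source* ports. Clients connect from
# random ephemeral ports, so this rule is skipped for real web traffic.
BROKEN = [NatRule(LAN_NET, WEB, None, VIP_ADDR), DEFAULT]

# As advised: source port any, destination ports 80/443, NAT port any.
FIXED = [NatRule(LAN_NET, None, WEB, VIP_ADDR), DEFAULT]

if __name__ == "__main__":
    # Constructed flows: (LAN host, ephemeral source port, destination port).
    flows = [("192.168.1.50", 51514, 443), ("192.168.1.50", 40022, 80),
             ("192.168.1.50", 49200, 53)]
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for src, sport, dport in flows:
            print(name, dport, "->", egress_address(rules, src, sport, dport))
```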



  • @Derelict:

    Why are you setting source ports? Source ports are generally random.

    Set the source addresses of the hosts you want to receive special treatment, leave the source ports as any.
    Set the destination address to any with the destination ports 80 and 443.
    Set the NAT address to the address you want the source addresses mapped to on the way out of WAN.
    Leave the NAT port any.

    And this is OUTBOUND NAT. All your interfaces should probably be WAN. These rules dictate what happens when traffic goes OUT the chosen interface. There are times when NAT out LAN makes sense but I doubt it's what you're after.

    I see what you mean. I will fix what's in the screenshot, as I would like any host on LAN using HTTP or HTTPS to push out through the new IP. I later added that I also wanted 21 and 22 on the new IP as well, but I get where you are going and will try that shortly.