Title: Default routes and Opt1 nics
I have a setup which was just implemented to span two broadband networks, 30 VPN mobile clients and a port forward (redundant link to our internal db server).

Here is a rough drawing of my setup in ASCII:

192.168 networks

 FW1     FW2            19.1(22.2)        20.1(22.3)     (each FW has 3 nics 1 WAN 1 LAN 1OPT1)
|      |  |      |
|    Router --|----|        (19.2)(20.2)(21.1)(22.1)      (router has 4 nics with the addresses listed)
|        |       |      |                        |             |
|     PCLAN  |      |                PCLAN(21.0)    |           (DB server NIC 1 - (21.10 ))
 \       |      /       |                     |                |
   \   DB   /         |                     |                |
     \   |  /          /                      |               /
    VOIPLAN <--/                     22.0 -------/             (DB server NIC 2 - (22.10))

I have a DB server which runs reports for these users; I have 2 NICs in the box and it is successfully serving

Because this company has a dual broadband setup, we planned on redundant links to the internet using the above setup. The router is set up to fail over to FW2 as the default route assuming it can't hit the internet any longer via FW1.

But recently we have several sales members who have started connecting to this reports DB from the road. But I can only get the router internally (which is just a CentOS box running ipfw) to route from FW1 to the internal PCLAN (while the default GW on the router is set to FW1). If I switch it to FW2 (as the default GW on the router) I can then connect to the internal PCLAN.

Due to my setup, I need to make both FW1 and FW2 connect to just one port internally for redundancy as well as load. Rather than go through the outbound redundant setup, I thought maybe I could put another NIC in FW1 and FW2, activate the second NIC in our DB server and place it on our VOIP network (which is 22.0). I can then port forward both FWs to the internal 22.10 server rather than try and go through the router. This would make my internal network have a redundant internet link via FW1 and FW2, but also give me a redundant link from FW1 and FW2 to the internal DB server.

The problem is, I can't seem to get this setup active. Is there something special in the pfSense config I need to do to port forward from the WAN to the OPT1 (22.2)(22.3) address (which is actually a network link to the internal server (22.10))?


Any suggestions are welcome, I am rather stuck with this setup.  

--
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--
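The symptom described above (the forward only works through whichever firewall the router's default gateway points at) is the classic shape of asymmetric return routing: the DB server answers the road-warrior's public address via its default gateway, so replies leave through FW1 regardless of which firewall the connection came in on, and the other firewall never sees the return half of the session. The simulation below is an added illustration, not code from the original post or from pfSense; it assumes every network in the drawing is a 192.168.x.0/24, that DB NIC1 uses the router's 21.1 leg as its default gateway, and it uses 203.0.113.5 as a constructed client address. It models the DB server's routing table and shows the return firewall with and without source-NATing the forwarded connection to the firewall's own OPT1 address.

```python
import ipaddress

# Constructed topology from the post (all /24s are assumed, not stated in the post).
ROUTER_PCLAN = "192.168.21.1"   # router's 21.1 leg; assumed default gateway of DB NIC1
FW1_OPT1 = "192.168.22.2"       # FW1 OPT1 address (22.2 in the post)
FW2_OPT1 = "192.168.22.3"       # FW2 OPT1 address (22.3 in the post)
DB_NIC1 = "192.168.21.10"       # DB server NIC 1 (21.10)
DB_NIC2 = "192.168.22.10"       # DB server NIC 2 (22.10), the port-forward target
CLIENT = "203.0.113.5"          # constructed road-warrior public address
FW_BY_OPT1 = {FW1_OPT1: "FW1", FW2_OPT1: "FW2"}
OPT1_BY_FW = {name: addr for addr, name in FW_BY_OPT1.items()}
ROUTER_DEFAULT_FW = "FW1"       # per the post: router prefers FW1, fails over to FW2


class RoutingTable:
    """Minimal longest-prefix-match table: (network, next hop)."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(net), gw) for net, gw in routes]

    def next_hop(self, dst):
        d = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if d in r[0]]
        net, gw = max(matches, key=lambda r: r[0].prefixlen)
        return gw


# The DB server's table as the post implies it: two connected subnets, one default route.
DB_ROUTES = RoutingTable([
    ("192.168.21.0/24", "on-link"),
    ("192.168.22.0/24", "on-link"),
    ("0.0.0.0/0", ROUTER_PCLAN),
])


def reply_firewall(src_seen_by_db):
    """Which firewall ends up carrying the DB server's reply to src_seen_by_db."""
    hop = DB_ROUTES.next_hop(src_seen_by_db)
    if hop == "on-link":
        # Reply goes straight to the on-link host; if that host is a firewall's OPT1, it is that firewall.
        return FW_BY_OPT1.get(src_seen_by_db, "direct-host")
    if hop == ROUTER_PCLAN:
        # Reply reaches the router, which sends internet-bound traffic to its default firewall.
        return ROUTER_DEFAULT_FW
    return FW_BY_OPT1.get(hop, hop)


def port_forward(ingress_fw, snat_to_opt1):
    """Simulate a WAN->OPT1 forward arriving via ingress_fw ('FW1' or 'FW2').

    snat_to_opt1=True models outbound NAT on the firewall's OPT1 side, so the DB
    server sees the firewall's OPT1 address as the source instead of the client.
    Returns (session_works, firewall_carrying_reply).
    """
    seen_src = OPT1_BY_FW[ingress_fw] if snat_to_opt1 else CLIENT
    reply_fw = reply_firewall(seen_src)
    return reply_fw == ingress_fw, reply_fw


def scenarios():
    """All four cases, keyed by (ingress firewall, source-NAT on OPT1)."""
    return {
        (fw, snat): port_forward(fw, snat)
        for fw in ("FW1", "FW2")
        for snat in (False, True)
    }


if __name__ == "__main__":
    for (fw, snat), (ok, reply_fw) in scenarios().items():
        print(f"in via {fw}, SNAT on OPT1={snat}: reply leaves via {reply_fw} -> {'OK' if ok else 'BROKEN'}")
```

The trade-off is worth stating: source-NATing the forward to the firewall's OPT1 address makes the reply path symmetric without touching the DB server's routing, but the DB server's own logs will then record 22.2 or 22.3 instead of the real client address, so connection auditing has to happen on the firewalls. The alternative that keeps client addresses visible is policy routing on the DB host (replies sourced from 22.10 sent back through the firewall they arrived from), which the simulation does not model.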
