Hello,
I have two boxes set up with WAN CARP IPs which are NAT'ed to different virtual server pools. This is working slicker than banana peels in a Bugs Bunny cartoon. The only problem is that I would like to be able to have the outbound traffic NAT'ed to the inbound CARP IPs, but I cannot find how to do this in the outbound NAT settings unless I opt for 1:1 NAT, which I would rather not do if possible.

Example:
Inbound to CARP IP 1.2.3.4 is NAT'ed to a virtual server pool at 192.168.1.10 which is load balanced to 192.168.1.11 and 192.168.1.12.
Inbound to CARP IP 1.2.3.5 is NAT'ed to a virtual server pool at 192.168.1.50 which is load balanced to 192.168.1.25 and 192.168.1.26.
With no manual outbound NAT, all outbound traffic gets the address of the firewall WAN interface, as is expected. If I try to use manual outbound NAT I can only set it for an entire network, so I could set outbound to either 1.2.3.4 or 1.2.3.5, which is not really optimal.

I would like to have the outbound traffic appear to be returning from the respective CARP addresses. In other words, when a client makes a request to 1.2.3.4, the return packets should have the IP of 1.2.3.4. When a request is made to 1.2.3.5 the return packets should have the IP of 1.2.3.5. I have only seen the ability to specify an entire network (or any???) to outbound NAT such that all return packets would have the IP of either 1.2.3.4 or 1.2.3.5.

In Linux iptables world I would do something like:
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.11 -j SNAT --to-source 1.2.3.4
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.25 -j SNAT --to-source 1.2.3.5

Am I missing something? I hope so.

Thank You for any suggestions,
JohnM
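Editor's note, added here and not part of JohnM's message: the per-host source NAT he describes for iptables has a direct equivalent in pf, which is what pfSense runs underneath its outbound NAT page. The fragment below is written in plain pf.conf syntax as an illustration; it assumes a WAN interface macro `$wan_if` and that the CARP VIPs 1.2.3.4 and 1.2.3.5 already exist on the firewall (both are assumptions about his setup, not facts from the post). The point it shows is that the source of an outbound NAT rule can be a single host or a small address list rather than a whole network, so each backend pool can be translated to "its" CARP address.

```pf
# Added illustration in pf.conf syntax (not pfSense-generated config).
# Assumed interface macro; the actual WAN interface name is not in the post.
wan_if = "em0"

# Backends behind CARP VIP 1.2.3.4 (pool at 192.168.1.10) go out as 1.2.3.4
nat on $wan_if from { 192.168.1.11, 192.168.1.12 } to any -> 1.2.3.4

# Backends behind CARP VIP 1.2.3.5 (pool at 192.168.1.50) go out as 1.2.3.5
nat on $wan_if from { 192.168.1.25, 192.168.1.26 } to any -> 1.2.3.5

# Anything else on the LAN keeps the WAN interface address
nat on $wan_if from 192.168.1.0/24 to any -> ($wan_if)
```

Rule order matters: pf uses the first matching nat rule, so the host-specific rules must sit above the catch-all for the network. After loading, `pfctl -s nat` shows the translation rules as loaded and `pfctl -s state` shows which translated source address each outbound state received, which is a quick way to confirm the return traffic is leaving from the intended CARP address.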

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
