> Hi list, > > I need to "public" some ports of a server in a DMZ. > So I create a VIP ( ip alias ) in WAN with the public ip that i must have > for the server ( it is different from the ip of the wan interface of the > pfsense ). > Then I created a "Port Forward" : > > Inteface: Wan > Source: Any > Destination: VIP > Destination port: 80 > Redirect target ip: Private ip of the server in DMZ NAT reflection: Use > system default Filter rule association: NAT Rule > > From the outside I can contact my server properly. > > The problem is that when my server goes out on the internet is viewed with > the public ip of the firewall. > What should I do to make sure that when the server goes outside uses the > address specified in the VIP? > > Thanks for your help. >
Option 1: Setup advanced outbound nat rule for internal server to use VIP. ( I have never tried this, but it seems like it should work ) Option 2: Don't use port forward. Use 1:1 NAT and use firewall rules to block unwanted traffic ( I have tried this and it works great. ) Ryan Rodrigue _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
