Raouf Daghbouche wrote:
On Sun, Dec 27, 2009 at 1:49 PM, Michel Servaes <[email protected]> wrote:
- Go to Firewall > Virtual IP and Create a Virtual IP as CARP, with
your x.y.18.20
- Go to Firewall > NAT and set Manual Outbound NAT rule generation
(Advanced Outbound NAT (AON))
- Then add a rule for your outgoing server/ip, in the Translation
section you will find your x.y.18.20 ip address.
r@
The first 2 instructions went just fine.
The third one seems not to be working for me.
I tried adding an outbound rule on the LAN interface (since it should be
listening to the inside of my network ?)
I've added the internal ip 192.168.150.9/32 as source, and used the virtual
ip .18.20 as translation.
Also tried adding 192.168.150.9/32 as destination, just to make sure I
didn't mistake myself - but this seems not to work either...
I tried to check using http://checkip.dyndns.org to see if my outgoing
connection would be using x.y.18.20, but instead it uses my default LAN to
ADSL backup route (a dynamic ip).
When I disable my default LAN to ADSL route, no comms to the internet are
possible anymore.
I have a "SERVERS" rule to make them by default go over to WAN2 (first IP of
that range by default : .18.18)
Default LAN to ADSL route is set up for all leftovers that any other rule
isn't taking care of.
I would like a "SECOND SERVER" rule, to make them by default go over to WAN2
(second IP of that range : .18.20)
So you have the default outgoing NAT rule for your LAN and then the
rule for your second server, both are on the same subnet 192.168.150.x
Try to move it above the default LAN rule and see if it works
I just checked if it was something I do wrong, or the system is
mis-interpreting my "wanted" :)
When enabling Manual Outbound NAT (as opposed to Automatic outbound
NAT), I simply can't surf anywhere anymore!
However, one outbound rule is automatically created when changing to
"manual", to allow 192.168.150.0/24 to the WAN (in my case the ADSL
backup line)... but it just simply won't allow me to access the internet
anymore.
When reverting to "automatic" the internet starts working again.
To explain the situation somewhat more :
I have an older Citrix server, that needs to stay in service for my
transition phase... which is listening to .18.18 (outside world).
I have set up a new Citrix server (nowadays called XenApp) - and
obviously this one comes back to .18.18 since this is the first address
after the gateway... but this won't work, as this is the older Citrix
serverfarm.
To test if it is working, I would allow my XenApp server (currently only
one) to pass onto the internet with all its ports... therefore, there
are no rules for their current allocated internal addresses...
Should a normal rule be inserted as well ?? (however, can't choose for a
virtual ip there)
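
The rule-order suggestion in this thread, as an added example that is not from any poster or from pfSense itself: a small model of outbound NAT lookup that shows why a /32 rule placed below a /24 rule for the same subnet never applies. It assumes first-match, top-down evaluation on the interface the packet leaves through (how pf translation rules behave); the rule set, the "ADSL address" label and the helper names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class OutboundRule:
    interface: str    # interface the packet leaves through (assumed match key)
    source: str       # source network, CIDR
    translation: str  # address the source is rewritten to

def translate(rules, out_if, src_ip):
    """Translation of the first rule matching (out_if, src_ip), else None."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.interface == out_if and src in ipaddress.ip_network(rule.source):
            return rule.translation
    return None  # no rule matched: the packet leaves untranslated

def shadowed(rules):
    """(earlier, later) pairs where `later` can never match, because an
    earlier rule on the same interface covers its whole source network."""
    pairs = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.source)
        for earlier in rules[:i]:
            if (earlier.interface == later.interface
                    and later_net.subnet_of(ipaddress.ip_network(earlier.source))):
                pairs.append((earlier, later))
                break
    return pairs

# Constructed rule set using the addresses mentioned in the thread.
LAN_ADSL = OutboundRule("ADSL", "192.168.150.0/24", "ADSL address")
LAN_WAN2 = OutboundRule("WAN2", "192.168.150.0/24", "x.y.18.18")
SERVER2 = OutboundRule("WAN2", "192.168.150.9/32", "x.y.18.20")
ON_LAN = OutboundRule("LAN", "192.168.150.9/32", "x.y.18.20")

BROAD_FIRST = [LAN_ADSL, LAN_WAN2, SERVER2]     # /32 rule below the /24 rule
SPECIFIC_FIRST = [SERVER2, LAN_ADSL, LAN_WAN2]  # /32 rule moved to the top

if __name__ == "__main__":
    for name, rules in (("broad first", BROAD_FIRST),
                        ("specific first", SPECIFIC_FIRST)):
        print(name, "->", translate(rules, "WAN2", "192.168.150.9"),
              "| shadowed:", [later.source for _, later in shadowed(rules)])
    # A rule bound to LAN never matches traffic leaving through WAN2.
    print("rule on LAN ->", translate([ON_LAN], "WAN2", "192.168.150.9"))
```

In this model the virtual IP is only used when the packet actually leaves through WAN2; traffic that is routed out the ADSL line matches the ADSL rule regardless of order.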