Raouf Daghbouche wrote:
On Sun, Dec 27, 2009 at 1:49 PM, Michel Servaes <mic...@mcmc.be> wrote:
- Go to  Firewall > Virtual IP and Create a Virtual IP as CARP, with
your x.y.18.20
- Go to Firewall > NAT and set Manual Outbound NAT rule generation
(Advanced Outbound NAT (AON))
- Then add a rule for your outgoing server/ip, in the Translation
section you will find your x.y.18.20 ip address.

r@



The first 2 instructions went just fine.
The third one seems to be not working for me.

I tried adding an outbound rule on the LAN interface (since it should be
listening to the inside of my network?).
I've added the internal ip 192.168.150.9/32 as source, and used the virtual
ip .18.20 as translation.
Also tried adding 192.168.150.9/32 as destination, just to make sure I
didn't mistake myself - but this seems not to work either...

I tried to check using http://checkip.dyndns.org to see if my outgoing connection would be using x.y.18.20, but instead it uses my default LAN to
ADSL backup route (a dynamic IP).
When I disable my default LAN to ADSL route, no comms are possible anymore
to the internet.

I have a "SERVERS" rule to make them by default go over to WAN2 (first IP of
that range by default : .18.18)
Default LAN to ADSL route is setup for all leftovers that any other rule
isn't taking care of.

I would like a "SECOND SERVER" rule, to make them by default go over to WAN2
(second IP of that range : .18.20)



So you have the default outgoing NAT rule for your LAN and then the
rule for your second server, both are on the same subnet 192.168.150.x
Try to move it above the default LAN rule and see if it works


I just checked if it was something I do wrong, or the system is mis-interpreting my "wanted" :) When enabling Manual Outbound NAT (as opposed to Automatic Outbound NAT), I simply can't surf anywhere anymore!

However, one outbound rule is automatically created when changing to "manual", to allow 192.168.150.0/24 to the WAN (in my case the ADSL backup line)... but it just simply won't allow me to access the internet anymore.
When reverting to "automatic" the internet starts working again.

To explain the situation somewhat more :

I have an older Citrix server that needs to stay in service for my transition phase... which is listening on .18.18 (outside world). I have set up a new Citrix server (nowadays called XenApp) - and obviously this one comes back as .18.18 since this is the first address after the gateway... but this won't work, as this is the older Citrix server farm.

To test if it is working, I would allow my XenApp server (currently only one) to pass onto the internet with all its ports... therefore, there are no rules for their currently allocated internal addresses... Should a normal rule be inserted as well?? (However, I can't choose a virtual IP there.)

Okay, thanks for your help...
Got it working now - didn't realize that I also had to make a rule in the firewall itself !

I thought adding an outbound rule would be enough, but it seems you also have to add a rule in the general LAN rule list to make it leave via the other gateway (the one with the pool of IPs).

Thank you very much!
Darn, it seems when changing to manual outbound, you'd have to rewrite everything that already was in place? My mail server now goes out onto the ADSL line as well, instead of onto my pool... is this correct?

I just reverted back to the automatic mode... for now.

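The thread's two lessons (the outbound NAT rule is bound to an egress interface, so the LAN pass rule with a gateway must send the traffic there first; and switching to manual mode only auto-creates a rule for the default WAN, so every other policy-routed host loses its translation) can be modelled as pf's first-match evaluation. This is an added illustration, not pfSense code; the 192.168.150.x hosts come from the thread, while the ADSL and WAN2 addresses (198.51.100.x, 203.0.113.x) are constructed stand-ins for the thread's "x.y.18.x" pool and dynamic ADSL IP.

```python
import ipaddress
from dataclasses import dataclass

LAN_NET  = ipaddress.ip_network("192.168.150.0/24")
XENAPP   = "192.168.150.9"          # new XenApp server (from the thread)
MAIL     = "192.168.150.25"         # constructed address for the mail server
ADSL_IP  = "198.51.100.7"           # constructed dynamic IP of the ADSL backup
WAN2_VIP = "203.0.113.20"           # CARP VIP standing in for x.y.18.20

@dataclass
class NatRule:
    iface: str                          # outbound NAT rules are per interface
    source: ipaddress.IPv4Network
    translate_to: str

@dataclass
class LanRule:
    source: ipaddress.IPv4Network
    gateway: str                        # policy-routing gateway on the LAN rule

def egress_interface(src, lan_rules):
    """LAN pass rules, first match wins; a rule with a gateway policy-routes,
    otherwise the packet follows the default route (the ADSL line here)."""
    ip = ipaddress.ip_address(src)
    for r in lan_rules:
        if ip in r.source:
            return r.gateway
    return "ADSL"

def outbound_nat(src, lan_rules, nat_rules):
    """Manual outbound NAT: only rules bound to the egress interface are
    consulted, first match wins, no match means the source is left as is."""
    iface = egress_interface(src, lan_rules)
    ip = ipaddress.ip_address(src)
    for r in nat_rules:
        if r.iface == iface and ip in r.source:
            return iface, r.translate_to
    return iface, src                   # untranslated: private IP leaks out

# The ruleset Michel ended up with: the auto-created default rule on the
# ADSL WAN plus his manual rule for the XenApp box on WAN2.
NAT_RULES = [
    NatRule("ADSL", LAN_NET, ADSL_IP),
    NatRule("WAN2", ipaddress.ip_network(XENAPP + "/32"), WAN2_VIP),
]
XENAPP_LAN_RULE = LanRule(ipaddress.ip_network(XENAPP + "/32"), "WAN2")
SERVERS_LAN_RULE = LanRule(ipaddress.ip_network(MAIL + "/32"), "WAN2")

def xenapp_nat_only():     # NAT rule alone: traffic still leaves via ADSL
    return outbound_nat(XENAPP, [], NAT_RULES)
def xenapp_with_lan_rule():  # LAN rule with gateway WAN2: VIP is used
    return outbound_nat(XENAPP, [XENAPP_LAN_RULE], NAT_RULES)
def mail_after_switch():   # "SERVERS" rule routes to WAN2 but no WAN2 NAT rule
    return outbound_nat(MAIL, [SERVERS_LAN_RULE], NAT_RULES)
```

The third case is what breaks hosts that worked under automatic mode: they are still policy-routed to WAN2, but manual mode created no translation rule for them there, so a matching WAN2 rule for 192.168.150.0/24 has to be added by hand.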
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org