Hi Andreas,

On Tue, May 24, 2011 at 10:40:41AM +0200, Andreas Kaiser wrote:
> On 24.05.2011 at 09:57, Frank Heydlauf wrote:
...
> > let's draw a chart (use monospaced font!):
> >
> >                 ISP
> >                  |
> >                  |
> >                  |
> >              4.3.2.17
> >                 WAN
> >               pfSense
> >             NAT+Filter
> >        LAN            OPT1
> >    1.2.3.1/26     1.2.3.129/25
> >         |              |
> >         |              |   <-- VMware virtual switch
> >         |              |
> >      1.2.3.5       1.2.3.155 (for example)
> >       eth0           eth1
> >             Webserver
> > ...
> > And the default-route of "Webserver" goes to 1.2.3.1 ?
>
> Yes.

If you ping 1.2.3.155 from outside (ISP), the answer packets will
return via eth0 and 1.2.3.1.
At this point you may (probably will) hit anti-spoofing rules and
stateful filter rules at LAN interface.

=> You'll have to separate your answer-traffic on your web-server
based on rules, i.e. source routing based on tcp source-port 443 or 80
or doing it in a more general way:
<http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/>

There are other options with NAT, proxies etc - but IMO none of them
better.

--
Regards
Frank
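
The "more general way" of source-based routing mentioned above, as an added example that is not part of the original message: a generator that prints the iproute2 commands so replies sent from 1.2.3.155 leave via eth1 and the pfSense OPT1 address 1.2.3.129 instead of following the main default route through eth0. The function names, table id 101, the rule priority and the OPT1 network 1.2.3.128/25 (derived from 1.2.3.129/25 in the chart) are assumptions.

```shell
#!/bin/sh
# Added example: print (do not run) iproute2 commands for source-based routing.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# policy_route_cmds IFACE ADDR GATEWAY SUBNET/PREFIX TABLE
policy_route_cmds() {
    iface=$1 addr=$2 gw=$3 subnet=$4 table=$5
    # The output is meant to be reviewed and piped to sh, so reject anything
    # that is not a plain interface name, IPv4 address, prefix or table id.
    case "$iface" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    case "${subnet#*/}" in ''|*[!0-9]*) echo "bad prefix" >&2; return 2 ;; esac
    [ "${subnet#*/}" -le 32 ] || { echo "bad prefix" >&2; return 2; }
    is_ipv4 "$addr" && is_ipv4 "$gw" && is_ipv4 "${subnet%/*}" || {
        echo "bad IPv4 argument" >&2; return 2; }
    # Table ids 0 and 253..255 are reserved (unspec, default, main, local).
    case "$table" in ''|*[!0-9]*) echo "bad table id" >&2; return 2 ;; esac
    [ "$table" -ge 1 ] && [ "$table" -le 252 ] || {
        echo "table id must be 1..252" >&2; return 2; }
    # Connected subnet, so hosts on the OPT1 side stay reachable on-link.
    echo "ip route add $subnet dev $iface src $addr table $table"
    # Second default route, visible only to lookups in this table.
    echo "ip route add default via $gw dev $iface table $table"
    # Packets the server sends *from* ADDR consult that table before main.
    echo "ip rule add from $addr/32 lookup $table priority $((1000 + table))"
}

# Values from the chart in the thread; table id 101 is an assumption.
policy_route_cmds eth1 1.2.3.155 1.2.3.129 1.2.3.128/25 101
```

Review the printed commands, then apply them as root by piping the output to `sh`; afterwards `ip route get 192.0.2.1 from 1.2.3.155` should resolve via 1.2.3.129 on eth1.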
