RE: [pfSense Support] Sending traffic out a 2nd WAN interface
Thanks to all those that helped. It was changing the gateway to default that did the trick. Ron. -Original Message- From: Evgeny Yurchenko [mailto:evg.yu...@rogers.com] Sent: Tuesday, November 03, 2009 11:08 AM To: support@pfsense.com Subject: Re: [pfSense Support] Sending traffic out a 2nd WAN interface Ron Lemon wrote: Hi Chris and Keenan, It is still not working so this is exactly what I have. I don't usually post all the live IPs but at this point I just need it to work. Windows 2K3 Server (no firewall) 10.0.3.1 This guy needs to receive LDAP and SMPT traffic from OPT1 Interface LAN Rules: Proto Source Port DestPort GW Sched TCP * *142.46.226.22 25 142.47.56.89 TCP * *142.46.226.24 389 142.47.56.89 TCP * *10.250.223.148 389 142.47.56.89 * LAN net ** ** OPT1 Rules: TCP 142.46.226.24 *10.0.3.1389 142.47.56.89 TCP 10.250.223.148 *10.0.3.1389 142.47.56.89 TCP 142.46.226.22 *10.0.3.125 142.47.56.89 ICMP * ** ** TCP 142.46.226.16 *LAN net *142.47.56.89 OPT1 is on a private network with ip of 142.47.56.90/28 with GW of 142.47.56.89 From a workstation I can successfully telnet out to 142.46.226.22:25 but I cannot telnet to either of the 389 addresses When they try and telnet to me I do see traffic in my FW capture from them on OPT1 for 389 but it never gets passed to the inside machine. This is driving me nuts and I am sure I am missing something simple, please any help is appreciated. I do not think you need to specify gateway in OPT1 rules, make it default. Then, you have to set up port forward nat on OPT1, so traffic destined to 142.47.56.90:389 should be forwarded to 10.0.3.1. When you create this forwarding proper rules will be created automatically. If I understand your task correctly... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Sending traffic out a 2nd WAN interface
Hi Chris and Keenan, It is still not working so this is exactly what I have. I don't usually post all the live IPs but at this point I just need it to work. Windows 2K3 Server (no firewall) 10.0.3.1 This guy needs to receive LDAP and SMPT traffic from OPT1 Interface LAN Rules: Proto Source Port DestPort GW Sched TCP * *142.46.226.22 25 142.47.56.89 TCP * *142.46.226.24 389 142.47.56.89 TCP * *10.250.223.148 389 142.47.56.89 * LAN net ** ** OPT1 Rules: TCP 142.46.226.24 *10.0.3.1389 142.47.56.89 TCP 10.250.223.148 *10.0.3.1389 142.47.56.89 TCP 142.46.226.22 *10.0.3.125 142.47.56.89 ICMP * ** ** TCP 142.46.226.16 *LAN net *142.47.56.89 OPT1 is on a private network with ip of 142.47.56.90/28 with GW of 142.47.56.89 From a workstation I can successfully telnet out to 142.46.226.22:25 but I cannot telnet to either of the 389 addresses When they try and telnet to me I do see traffic in my FW capture from them on OPT1 for 389 but it never gets passed to the inside machine. This is driving me nuts and I am sure I am missing something simple, please any help is appreciated. -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Monday, November 02, 2009 9:44 PM To: support@pfsense.com Subject: Re: [pfSense Support] Sending traffic out a 2nd WAN interface On Mon, Nov 2, 2009 at 8:10 PM, Ron Lemon rjle...@gmail.com wrote: Do I create this rule on the WAN or OPT tab under Firewall rules? Where ever the traffic is initiated (LAN probably). Do I need to enable AON or should I leave automatic? Automatic. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.698 / Virus Database: 270.14.45/2476 - Release Date: 11/02/09 02:51:00 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Sending traffic out a 2nd WAN interface
Ron Lemon wrote: Hi Chris and Keenan, It is still not working so this is exactly what I have. I don't usually post all the live IPs but at this point I just need it to work. Windows 2K3 Server (no firewall) 10.0.3.1 This guy needs to receive LDAP and SMPT traffic from OPT1 Interface LAN Rules: Proto Source Port DestPort GW Sched TCP * *142.46.226.22 25 142.47.56.89 TCP * *142.46.226.24 389 142.47.56.89 TCP * *10.250.223.148 389 142.47.56.89 * LAN net ** ** OPT1 Rules: TCP 142.46.226.24 *10.0.3.1389 142.47.56.89 TCP 10.250.223.148 *10.0.3.1389 142.47.56.89 TCP 142.46.226.22 *10.0.3.125 142.47.56.89 ICMP * ** ** TCP 142.46.226.16 *LAN net *142.47.56.89 OPT1 is on a private network with ip of 142.47.56.90/28 with GW of 142.47.56.89 From a workstation I can successfully telnet out to 142.46.226.22:25 but I cannot telnet to either of the 389 addresses When they try and telnet to me I do see traffic in my FW capture from them on OPT1 for 389 but it never gets passed to the inside machine. This is driving me nuts and I am sure I am missing something simple, please any help is appreciated. I do not think you need to specify gateway in OPT1 rules, make it default. Then, you have to set up port forward nat on OPT1, so traffic destined to 142.47.56.90:389 should be forwarded to 10.0.3.1. When you create this forwarding proper rules will be created automatically. If I understand your task correctly... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Sending traffic out a 2nd WAN interface
All you need to do is create a PASS rule that matches the traffic, and select the gateway for the WAN you want it to go out. Make sure it appears before any catch-all rules in the list. Keenan Quoting Ron Lemon rjle...@gmail.com: Good Afternoon, I have a pfSense box that has 2 WAN interfaces and 1 LAN interface. I need to be able to send some specific mail traffic out over OPT1 (the second WAN link) depending on the IP that it is destined for. The vast majority of the mail needs to go out over the WAN but a few messages have to be routed to this other interface so that it is kept on someone else's secure network. Do I need to configure Outbound NAT for this? A quick set of steps would be helpful. Thanks, Ron - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Sending traffic out a 2nd WAN interface
Do I create this rule on the WAN or OPT tab under Firewall rules? Do I need to enable AON or should I leave automatic? Thanks. -Original Message- From: Keenan Tims [mailto:kt...@gotroot.ca] Sent: November-02-09 6:57 PM To: support@pfsense.com Subject: Re: [pfSense Support] Sending traffic out a 2nd WAN interface All you need to do is create a PASS rule that matches the traffic, and select the gateway for the WAN you want it to go out. Make sure it appears before any catch-all rules in the list. Keenan Quoting Ron Lemon rjle...@gmail.com: Good Afternoon, I have a pfSense box that has 2 WAN interfaces and 1 LAN interface. I need to be able to send some specific mail traffic out over OPT1 (the second WAN link) depending on the IP that it is destined for. The vast majority of the mail needs to go out over the WAN but a few messages have to be routed to this other interface so that it is kept on someone else's secure network. Do I need to configure Outbound NAT for this? A quick set of steps would be helpful. Thanks, Ron - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.698 / Virus Database: 270.14.45/2476 - Release Date: 11/02/09 02:51:00 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Sending traffic out a 2nd WAN interface
On Mon, Nov 2, 2009 at 8:10 PM, Ron Lemon rjle...@gmail.com wrote: Do I create this rule on the WAN or OPT tab under Firewall rules? Where ever the traffic is initiated (LAN probably). Do I need to enable AON or should I leave automatic? Automatic. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org