Author Topic: VIP setting  (Read 190 times)

ashima
VIP setting
« on: January 26, 2018, 10:38:56 am »
Here's the setup:

First pfSense box (Box 1), acting as load balancer, OpenVPN server for branches and DHCP server for Box 2.

Second pfSense box (Box 2), acting as firewall and content filter.

Two servers, Server 1 and Server 2, are behind the firewall.

All the branches connect to Box 1 through OpenVPN and RDP to Server 1. (RDP port 3389 is opened in Box 2 and port forwarded to Server 1.)

Now I want to assign another IP to Box 2 (a VIP), which should port forward to Server 2, so that when users use this IP for RDP they are forwarded to Server 2.

My plan:

My plan is to have a Virtual IP in Box 2 with IP Alias, then port forward for this IP to Server 2.

I am not sure about these settings, so I don't want to take any chances.

Also, are there any changes I need to make in Box 1 (as it is the DHCP server for Box 2)?

Any help?

Regards,
Ashima

ashima
Re: VIP setting
« Reply #1 on: January 27, 2018, 07:42:18 am »


I haven't received any response. I just want to confirm: if I use a Virtual IP with IP Alias and do a port forward to the second server, will it work? Since the pfSense box is at a remote location (at the head office where all branches connect), I don't want to take any chances.

Also, do I have to make any change in Box 1 (the load balancer), as it is the DHCP server for Box 2?

As I am going to make these changes remotely, I just want to confirm my steps.

Any help?

Regards,
Ashima

viragomann
Re: VIP setting
« Reply #2 on: January 28, 2018, 11:25:19 am »
If you're providing services behind Box 2, it's recommended to have static IPs for that.
Why do you want to use dynamic IPs on that box?

ashima
Re: VIP setting
« Reply #3 on: January 28, 2018, 05:54:12 pm »
Thank you viragomann.

I am using MAC-IP binding in Box 1, so Box 2 always gets the same IP.

I can of course make Box 2 have a static IP if that serves the purpose.
My question is about assigning another IP (Virtual IP) to Box 2 so that I can access Server 2 with the same port as Server 1.

Thanks,
Ashima.

viragomann
Re: VIP setting
« Reply #4 on: January 29, 2018, 01:53:39 am »
Yes, of course you may assign additional IP aliases to WAN and forward it to the server.
It would also work if the primary is pulled from DHCP. So if you have a static mapping it will be fine to provide a service.
However, the IP aliases have to be static.
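
The plan confirmed in the last reply, sketched as a pre-change check (an added example, not code from the thread or from pfSense): it verifies that a planned static IP alias is usable and that two RDP forwards on port 3389 stay distinct by destination IP. All addresses and function names are constructed for illustration, and treating Box 1's dynamic DHCP range as off-limits for the alias is an assumption of the example.

```python
import ipaddress

# Constructed sample values (not from the thread).
WAN_NET = "192.168.10.0/24"          # network between Box 1 and Box 2
PRIMARY = "192.168.10.2"             # Box 2 WAN address (DHCP static mapping)
POOL = ("192.168.10.100", "192.168.10.199")  # Box 1 dynamic DHCP range
VIP = "192.168.10.3"                 # planned static IP alias on Box 2
RULES = [                            # (destination IP, port, internal target)
    (PRIMARY, 3389, "10.0.0.11"),    # existing forward to Server 1
    (VIP, 3389, "10.0.0.12"),        # planned forward to Server 2
]

def check_alias(vip, wan_net, primary, pool_start, pool_end):
    """Return a list of problems with a planned static IP alias."""
    vip = ipaddress.ip_address(vip)
    net = ipaddress.ip_network(wan_net)
    problems = []
    if vip not in net:
        problems.append("alias is outside the WAN subnet")
    elif vip in (net.network_address, net.broadcast_address):
        problems.append("alias is the network or broadcast address")
    if vip == ipaddress.ip_address(primary):
        problems.append("alias equals the primary WAN address")
    if ipaddress.ip_address(pool_start) <= vip <= ipaddress.ip_address(pool_end):
        problems.append("alias is inside Box 1's dynamic DHCP pool")
    return problems

def check_forwards(rules):
    """Return 'ip:port' keys that are forwarded to more than one target."""
    seen, clashes = {}, []
    for dest, port, target in rules:
        key = f"{ipaddress.ip_address(dest)}:{port}"
        if key in seen and seen[key] != target:
            clashes.append(key)
        seen.setdefault(key, target)
    return clashes

def resolve(rules, dest_ip, port):
    """Return the internal target a connection to dest_ip:port is forwarded to."""
    wanted = ipaddress.ip_address(dest_ip)
    for dest, p, target in rules:
        if ipaddress.ip_address(dest) == wanted and p == port:
            return target
    return None  # no forward matches; the connection is not redirected

if __name__ == "__main__":
    print(check_alias(VIP, WAN_NET, PRIMARY, *POOL), check_forwards(RULES))
    print(resolve(RULES, PRIMARY, 3389), resolve(RULES, VIP, 3389))
```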