PFSense Send traffic out from LAN host on a specific IP

Hi guys,

I'm now using PFSense as our firewall and am looking for a way other than 1:1 NAT to send traffic from our Mail-Server through a specific public IP we have in our pool that can be quickly changed on the fly. We have 126 usable IPs, so we're in the /25 subnet, and I am unsure of how to do it. I still want to receive mail on the same IP we have been using; I'm just looking to send mail out a different public IP we have.

The reason is, we have our Public DNS for our MX and A records for our mail server, but if an issue ever arises with say being blacklisted when we send mail outbound on that same address, I want a way to quickly change the outgoing public IP being used.

I.e., I still want to receive mail on the same public IP we have been using, but I'd like a way to quickly change a setting to send out mail using a different public IP in our available pool.

Is this possible?
NoodlesWIU Asked:
Daniel Helgenberger Commented:
You can do this; the way to do so would be:
- add a virtual IP alias for all the IPs you want to use (Firewall / Virtual IPs)
- use outbound NAT to define a rule for your mail server to use this specific IP; you do this by selecting the VIP in the "Translation" box. (Firewall / NAT / Outbound)
Btw, you can also use this alias for Inbound NAT; redirecting your Mail Server's Public IP.

The tricky part is, you need to disable outbound NAT rule creation for this. You need to keep the auto-created rules, or recreate them - otherwise your outbound traffic would go nowhere. Thankfully, if you click "Save" when disabling Auto outbound NAT, all the currently existing mappings will be added to the rules list; it will not disrupt traffic. Also, like with every rule, settings will only be applied after you click "Apply changes".

With automatic outbound NAT enabled, a mapping is automatically created for each interface's subnet (except WAN-type connections) and the rules on this page are ignored.

If manual outbound NAT is enabled, outbound NAT rules will not be automatically generated and only the mappings you specify on this page will be used.

If a target address other than a WAN-type interface's IP address is used, then depending on the way the WAN connection is setup, a Virtual IP may also be required.      

To completely disable outbound NAT, switch to Manual Outbound NAT then delete any NAT rules that appear in the list.
This basically means you have to add the NAT mappings for your outbound traffic manually, one by one. Plan this carefully!
Does this help or do you need more specific details how to do this?

PS:
"The reason is, we have our Public DNS for our MX and A records for our mail server, but if an issue ever arises with say being blacklisted when we send mail outbound on that same address, I want a way to quickly change the outgoing public IP being used."

This is not true, I would say; we are sending mail from our MX all the time (we do not have so many public IPs), and I have never had problems with this setup.
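The rule ordering and Virtual IP requirement from the answer above, modelled as an added example (not part of the original thread and not pfSense code): it treats manual outbound NAT as a top-down, first-match list and flags the mistakes the answer warns about. All addresses are constructed documentation values, and `translate` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample values (documentation ranges), not from the thread.
WAN_IP = "203.0.113.2"      # firewall's own WAN interface address
MAIL_VIP = "203.0.113.20"   # IP alias VIP chosen for outbound mail
MAIL_HOST = "192.168.1.10"  # internal mail server

# Each rule is (source network, translation address), evaluated top-down.
GOOD = [("192.168.1.10/32", MAIL_VIP), ("192.168.1.0/24", WAN_IP)]
WRONG_ORDER = [("192.168.1.0/24", WAN_IP), ("192.168.1.10/32", MAIL_VIP)]
MAIL_ONLY = [("192.168.1.10/32", MAIL_VIP)]  # LAN mapping was deleted


def translate(rules, src_ip):
    """Return the public source IP for src_ip, or None if nothing matches.

    Manual outbound NAT is modelled as first match wins.
    """
    addr = ipaddress.ip_address(src_ip)
    for source, target in rules:
        if addr in ipaddress.ip_network(source):
            return target
    return None


def audit(rules, vips, lan_hosts):
    """List the problems a manual outbound NAT rule set would cause."""
    problems = []
    seen = []
    for source, target in rules:
        net = ipaddress.ip_network(source)
        # A target other than the WAN address needs a Virtual IP defined.
        if target != WAN_IP and target not in vips:
            problems.append(f"{source}: target {target} has no Virtual IP")
        # A narrower rule below a broader one can never match.
        if any(net.subnet_of(earlier) for earlier in seen):
            problems.append(f"{source}: shadowed by an earlier, broader rule")
        seen.append(net)
    for host in lan_hosts:
        if translate(rules, host) is None:
            problems.append(f"{host}: no mapping, traffic is not translated")
    return problems


if __name__ == "__main__":
    hosts = [MAIL_HOST, "192.168.1.50"]
    for name, rules in [("good", GOOD), ("wrong order", WRONG_ORDER),
                        ("mail only", MAIL_ONLY)]:
        print(name, translate(rules, MAIL_HOST), audit(rules, {MAIL_VIP}, hosts))
```

Changing the outgoing mail address later means editing only the translation address of the first rule, provided the new address is also defined as a Virtual IP.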
NoodlesWIU (Author) Commented:
Thanks for the info. I'm going to do some further reading on your information before making any changes, as it sounds like I could halt outbound traffic altogether if I'm not careful.

Thanks for your help!