What's new

Sharing my DualWan with port forwarding and DDNS experience

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

GShlomi

Occasional Visitor
Just wanted to share with you guys my progress so far.
So I've been trying to use Dual WAN configuration for my lab environment, which includes two Active Directory forests, each with it's own Exchange infrastructure, each behind a pfSense VM, so I'll be able to expose each Exchange on a different public IP address.

So the first domain was pretty simple, just using DDNS and port-forwarding at the Router GUI, forwarding ports 25/443 to the pfSense the routes the first domain.
The second domain had me going to CLI to implement the above for the second pfSense machine, using:

For DDNS:
Code:
USERNAME=<REDACTED>
PASSWORD=<REDACTED>
HOSTNAME=<REDACTED>
IP=$(nvram get wan1_ipaddr)

# Should be no need to modify anything beyond this point
/usr/sbin/curl -k --silent -u "$USERNAME:$PASSWORD" "https://updates.dnsomatic.com/nic/update?hostname=$HOSTNAME&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG&myip=$IP" >/dev/null 2>&1

if [ $? -eq 0 ]; then
        /sbin/ddns_custom_updated 1
else
        /sbin/ddns_custom_updated 0
fi

For port forwarding from secondary WAN to the second pfSense VM:
Code:
iptables -I FORWARD -i ppp1 -p tcp -d <REDACTED> --dport 25 -j ACCEPT
iptables -I FORWARD -i ppp1 -p tcp -d <REDACTED> --dport 443 -j ACCEPT
iptables -t nat -I PREROUTING -i ppp1 -p tcp --dport 25 -j DNAT --to-destination <REDACTED>
iptables -t nat -I PREROUTING -i ppp1 -p tcp --dport 443 -j DNAT --to-destination <REDACTED>

Also, wanted the secondary wan to be dedicated for the second domain, so setup a routing rule with higher priority then the default one:
Code:
ip route del default
ip route add default via $(nvram get wan0_gateway) dev $(nvram get wan0_gw_ifname)

while [ "$(ip rule | grep '90:')" != "" ]; do
    ip rule delete priority 90 > /dev/null
done

while [ "$(ip rule | grep '95:')" != "" ]; do
    ip rule delete priority 95 > /dev/null
done

ip rule add from <second pfSense IP> table wan1 prio 90
ip rule add from 192.168.1.0/24 table wan0 prio 95

All of the above was saved in an .sh file, set to execute with CHMOD +x and added to wan-event.

Hope it all makes sense, will be glad for your ideas and feedback if there's something I've missed

Thanks for @RMerlin for this great peace of software, and thanks for this great community for all the informative posts here :)
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top