GShlomi
Occasional Visitor
Just wanted to share with you guys my progress so far.
So I've been trying to use Dual WAN configuration for my lab environment, which includes two Active Directory forests, each with its own Exchange infrastructure, each behind a pfSense VM, so I'll be able to expose each Exchange on a different public IP address.
So the first domain was pretty simple, just using DDNS and port-forwarding at the Router GUI, forwarding ports 25/443 to the pfSense that routes the first domain.
The second domain had me going to CLI to implement the above for the second pfSense machine, using:
For DDNS:
Code:
USERNAME=<REDACTED>
PASSWORD=<REDACTED>
HOSTNAME=<REDACTED>
# Address currently assigned to the secondary WAN
IP=$(nvram get wan1_ipaddr)
# Should be no need to modify anything beyond this point
# Note: -k turns off TLS certificate verification for the request that carries the -u credentials
/usr/sbin/curl -k --silent -u "$USERNAME:$PASSWORD" "https://updates.dnsomatic.com/nic/update?hostname=$HOSTNAME&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG&myip=$IP" >/dev/null 2>&1
# Report the result of the update back to the firmware
if [ $? -eq 0 ]; then
    /sbin/ddns_custom_updated 1
else
    /sbin/ddns_custom_updated 0
fi
For port forwarding from secondary WAN to the second pfSense VM:
Code:
iptables -I FORWARD -i ppp1 -p tcp -d <REDACTED> --dport 25 -j ACCEPT
iptables -I FORWARD -i ppp1 -p tcp -d <REDACTED> --dport 443 -j ACCEPT
iptables -t nat -I PREROUTING -i ppp1 -p tcp --dport 25 -j DNAT --to-destination <REDACTED>
iptables -t nat -I PREROUTING -i ppp1 -p tcp --dport 443 -j DNAT --to-destination <REDACTED>
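Also, wanted the secondary WAN to be dedicated for the second domain, so set up a routing rule with higher priority than the default one:
Code:
# Reset the default route to the primary WAN
ip route del default
ip route add default via $(nvram get wan0_gateway) dev $(nvram get wan0_gw_ifname)
# Remove any existing rules at priorities 90 and 95; the match is anchored to the
# start of the line so that another priority ending in "90" or "95" cannot keep the loop spinning
while ip rule | grep -q '^90:'; do
    ip rule delete priority 90 > /dev/null
done
while ip rule | grep -q '^95:'; do
    ip rule delete priority 95 > /dev/null
done
# Traffic from the second pfSense goes out the secondary WAN; the rest of the LAN uses the primary
ip rule add from <second pfSense IP> table wan1 prio 90
ip rule add from 192.168.1.0/24 table wan0 prio 95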
All of the above was saved in a .sh file, set to execute with chmod +x and added to wan-event.
Hope it all makes sense, will be glad for your ideas and feedback if there's something I've missed.
Thanks to @RMerlin for this great piece of software, and thanks to this great community for all the informative posts here.
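
An added example, not part of the original post: because wan-event can fire repeatedly, plain `iptables -I` lines stack duplicate rules on every run. This sketch applies the post's two forwards idempotently and only on the secondary WAN's "connected" event. It assumes wan-event is called as `<unit> <event>`; `WAN1_IF`, `FWD_DST` and the function names are hypothetical, and `192.0.2.10` is a constructed placeholder for the redacted pfSense address.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: wan-event is invoked as "<unit> <event>"; WAN1_IF and FWD_DST
# stand in for the post's ppp1 interface and its redacted pfSense address.
WAN1_IF="${WAN1_IF:-ppp1}"
FWD_DST="${FWD_DST:-192.0.2.10}"   # constructed placeholder (TEST-NET-1)

# Delete every existing copy of a rule, then insert it exactly once, so that
# repeated wan-event runs do not stack duplicate rules.
# Usage: ensure_rule <table> <chain> <rule-spec...>
ensure_rule() {
    table=$1; chain=$2; shift 2
    while iptables -t "$table" -D "$chain" "$@" 2>/dev/null; do
        :
    done
    iptables -t "$table" -I "$chain" "$@"
}

# Forward one TCP port arriving on the secondary WAN to the pfSense VM.
forward_port() {
    port=$1
    ensure_rule filter FORWARD -i "$WAN1_IF" -p tcp -d "$FWD_DST" \
        --dport "$port" -j ACCEPT || return 1
    ensure_rule nat PREROUTING -i "$WAN1_IF" -p tcp \
        --dport "$port" -j DNAT --to-destination "$FWD_DST"
}

# Apply the forwards only when the secondary WAN (unit 1) reports "connected".
handle_event() {
    unit=$1; event=$2
    if [ "$unit" != "1" ] || [ "$event" != "connected" ]; then
        return 0
    fi
    for p in 25 443; do
        forward_port "$p" || return 1
    done
}

# Run only when called with wan-event's two arguments.
if [ "$#" -ge 2 ]; then
    handle_event "$1" "$2"
fi
```

The delete-then-insert loop mirrors the post's own handling of the `ip rule` priorities and does not depend on the `iptables -C` check option being available.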