@netblues said in Multiple virtual IPs, one WAN -- outbound round robin use of IPs possible?:

@Airwave and consider random with stickiness since changing ip's between https requests tend to break things badly.

Okay, great thank you.
I'll test these options :-)

So, after a some CSI I notice that inbound packages where reaching the target machine, the problem was that the Firewall B didnt knew where to sent back the response, so I added a new rule in NAT Outbound for this particular device, and worked like a charm:

0d66b8df-182e-417f-b492-f56c1d24b4d4-image.png

NOTE: Firewall B doesnt use Firewall A gateway, its a "hybrid" VPN.

@bgillette said in Simple internal NAT - Can't port forward on internal LAN:

well i had my NAS admin exposed so i could access it remotely

Would never in a million years expose nas admin to the public internet.. If you can not lock down forward to a known source IP, say your work, or where you remotely admin from.. Then VPN into to do your remote administration.

Perhaps use proper DNS instead?

Hmmm, what was system default set too? Mine is disabled - but it defaults to what pure nat or nat+proxy?

I really don't see how that would of come into play on a different interface.. Can try and duplicate it - what setting did you have in system, and can set mine to that and then look at the exact rules being created..

@hotshottech said in Access Back-haul Radios:

I got it going…..here are the rules that got me there.

Thanks guys for all the help....see attached

Post2.png
Post2.png_thumb
post3.png
post3.png_thumb

Hi! I also have a same problem...
ISP Router Modem (DHCP) 192.168.2.1-RADIO(192.168.30.X)-RADIO(192.168.30.Y)-PFSENSE(192.168.2.1)

sadly, can't see the attached files...

@mike1818
(Replying to my own post)

There is a problem with the PABX.
Retried it and saw outgoing traffic from the pfSense to the PABX which is acting like there is no traffic.
Sorry for bothering.

Thanks, I'll write tomorrow as I check it out.

Thanks, I check everything again and you are right, this is debian fault, not pfsense

Thanks for the reply, well its seems that it got fixed by it self, i think it was getting greylisted by gmail refusing to talk to my email server on port 25 currently i run Proxmox mail gateway as my smart host and my backend a zimbra server which sends though proxmox, The internet is business with 5 static IPs, first time i see on the log connection lost on gmail servers. I have seen this on other servers but its either its dead or refusing to talk to me. As the curious part i could send to any other domain besides gmail which made me think that its not a ISP issue .But thank you again for the help.

...of course the morning after I posted this, I had another idea on a place to check.
do not nat.jpg

In Hybrid Outbound NAT mode, it looks like adding a rule that matches the interface I want to exclude and then checking the "Do not NAT" option for that rule works as you might expect. 😄

Before posting, I was looking for some list of interfaces that were NAT'd or some per-interface firewall rule to disable. Since Hybrid Outbound NAT works so well, I forget it is there and that I can modify the ruleset. I've even used it before to make the local NAT port static for a particular device 🤦

@netblues that looks like an interesting alternative. I'm running the pi-hole on a server with other stuff so it won't remove a machine from the network, but it might make the config easier.

🤐

Do a tcpdump outside the host on the router or connect another computer to the hosts eth0. Possibly the host is blocking the traffic.

Thanks for the reply, so i have another pfSense box and same issue with the newest version

2.4.5-RELEASE-p1 (amd64) built on Tue Jun 02 17:51:17 EDT 2020 FreeBSD 11.3-STABLE

I have yes, that is the document I initially followed, this is my configuration;

EDIT: I just realised the pictures weren't visible, I have updated the links :)

alt text

alt text

alt text