Netgate Discussion Forum

    Ping to Virtual IP from Internet?

    HA/CARP/VIPs
    14 Posts 4 Posters 13.6k Views
      muchacho

      now i'm in IRC.
      But where are you? :'(

        hoba

        I'm usually there during central european evening and night times. I'm online atm.

          sullrich

          @muchacho:

          now i'm in IRC.
          But where are you? :'(

          Wow.

            agismaniax

            I have the same problem too.

            WAN Interface: 203.77.230.20/29
            LAN Interface: 172.16.4.252/16
            VIP: 203.77.230.21 (Other)

            NAT 1:1
            Interface: WAN
            External IP: 203.77.230.21/32
            Internal IP: 172.16.4.16/32

            NAT Advanced Outbound
            Interface: WAN
            Source: 172.16.4.0/24
            Source Port: *
            Destination: *
            Destination Port: *
            NAT Address: *
            NAT Port: *
            Static Port: NO

            Rules LAN:
            Proto: *
            Source: LAN net
            Port: *
            Destination: *
            Port: *
            Gateway: *

            Rules WAN:
            Proto: ICMP
            Source: *
            Port: *
            Destination: WAN address
            Port: *
            Gateway: *

            I'm using pfSense BETA2.
            Still stuck with incoming connections from the internet to my selected LAN.
            My server is located in the LAN, not the DMZ.
            I am only able to open ICMP and SSH on the pfSense itself.

              agismaniax

              Added another Rules WAN:
              Proto: ICMP
              Source: *
              Port: *
              Destination: 203.77.230.21
              Port: *
              Gateway: *

              And I'm still not able to ping 172.16.4.16 from the internet.

                hoba

                What do you need the advanced outbound NAT for? 1:1 NAT takes care of NATting the inside IP to the right external one. Also your outbound NAT rule is wrong as it doesn't have a "map to IP" specified (is that assignable this way anyway?).

                • Disable advanced outbound NAT again.
                • Change your rule at WAN to have the internal IP of your client (172.16.4.16) (NAT is first processed and after that firewall rules are applied!)

                If it doesn't work with VIP "other" use "proxy arp" or "CARP" instead (your provider then most likely needs some kind of Layer2 reply).

                  agismaniax

                  • Recreate VIP

                  • Disable advanced outbound NAT

                  • Recreate NAT 1:1

                  • Recreate Rules at WAN

                  And I'm still not able to ping the VIP address.
                  Is there something wrong with my rules?  ???

                    hoba

                    Well, I can Ping your VIP:

                    Ping output:

                    PING 203.77.230.21 (203.77.230.21): 56 data bytes
                    64 bytes from 203.77.230.21: icmp_seq=0 ttl=44 time=370.610 ms
                    64 bytes from 203.77.230.21: icmp_seq=1 ttl=44 time=348.927 ms
                    64 bytes from 203.77.230.21: icmp_seq=2 ttl=44 time=355.200 ms

                    --- 203.77.230.21 ping statistics ---
                    3 packets transmitted, 3 packets received, 0% packet loss
                    round-trip min/avg/max/stddev = 348.927/358.246/370.610/9.110 ms

                      agismaniax

                      sorry… the real 203.77.230.21 is my existing linux with iptables.
                      but i'm trying pfsense beta 2 in my lab with the real IP too, so i can switch that linux/iptables with pfsense if it works.

                      right now i'm using 4 machines for testing:
                      two as internal with IP 172.16.4.16 and 172.16.4.74
                      one for pfsense with LAN 172.16.4.252, WAN 203.77.230.20 (GW 203.77.230.17), VIP 203.77.230.21
                      the last for external with 203.77.230.17

                      i just reset pfsense to factory default and recreated the whole config again.
                      but i'm still not able to ping the VIP from external. I am only able to ping the WAN interface from external.
                      all traffic from internal to external works fine.

                      btw, my pfsense mobo is GA-K8NSNXP-939 with 2 RJ45 onboard, one with NVidia Ethernet (nve0) and the other with Marvell 8801 Gigabit Ethernet (pfsense didn't detect this chip) and 4 additional Linksys (pfsense probes them as dc0, dc1, dc2, dc3).

                        agismaniax

                        Finally… after testing on three motherboards, I can do ping and port forwarding from external to internal machine.
                        The main problem was in the default gateway of the internal machine. I forgot to add an additional gw in the server routing table.  ;D ;D ;D

                        I will switch to pfSense immediately... thanks guys... ;) ;) ;)

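An added example, not part of the original thread: a small Python model of the two checks the thread turns on, namely that 1:1 NAT rewrites the destination before the WAN rules are matched, and that the internal server's reply must route back through pfSense. The addresses are the ones posted above; the `Rule` type, the helper names, the routing-table contents and the stand-in old gateway 172.16.4.1 are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Addresses quoted in the thread.
WAN_ADDR, VIP, SERVER = "203.77.230.20", "203.77.230.21", "172.16.4.16"
PFSENSE_LAN, TESTER = "172.16.4.252", "203.77.230.17"
ONE_TO_ONE = {VIP: SERVER}  # 1:1 NAT: external IP -> internal IP

@dataclass(frozen=True)
class Rule:          # simplified WAN pass rule (hypothetical model type)
    proto: str       # "icmp", "tcp", ... or "*"
    dst: str         # one address or "*"

def inbound_verdict(proto, dst, rules):
    """Rewrite dst through 1:1 NAT first, then match WAN rules; default deny."""
    translated = ONE_TO_ONE.get(dst, dst)
    for rule in rules:
        if rule.proto in ("*", proto) and rule.dst in ("*", translated):
            return "pass", translated
    return "block", translated

def reply_next_hop(routes, dst):
    """Longest-prefix match over the server's routing table {prefix: gateway}."""
    matches = [(ip_network(p), gw) for p, gw in routes.items()
               if ip_address(dst) in ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def reply_is_translated(routes, dst):
    """The reply's source is only mapped back to the VIP if it leaves via pfSense."""
    return reply_next_hop(routes, dst) == PFSENSE_LAN

# Constructed routing tables; 172.16.4.1 stands in for the unnamed old gateway.
ROUTES_BEFORE = {"172.16.0.0/16": "on-link", "0.0.0.0/0": "172.16.4.1"}
ROUTES_AFTER = {**ROUTES_BEFORE, "203.77.230.16/29": PFSENSE_LAN}

if __name__ == "__main__":
    for label, rules in [("dst = WAN address", [Rule("icmp", WAN_ADDR)]),
                         ("dst = VIP", [Rule("icmp", VIP)]),
                         ("dst = internal IP", [Rule("icmp", SERVER)])]:
        print(label, inbound_verdict("icmp", VIP, rules))
    print("reply via pfSense before:", reply_is_translated(ROUTES_BEFORE, TESTER))
    print("reply via pfSense after: ", reply_is_translated(ROUTES_AFTER, TESTER))
```

Only the rule whose destination is the internal IP passes a ping sent to the VIP, and even then the echo reply reaches the tester with the right source address only once the server routes it via 172.16.4.252.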