1:1 NAT MEGAWOES!

cheech · Jun 18, 2006, 6:54 PM

First of all thanks Hoba for trying to reproduce my problems the other day.

With B4 I was getting fatal halts + trashed config.xml when adding VIPS + 1:1NAT. With RC1 I am getting occasional fatal halts when trying to alter 1:1NAT and/or VIPS but at least the config.xml isn't getting trashed.

I have 3 WAN IP's. x.x.x.1/22, x.x.x.2/22, x.x.x.3/22. The first is my "primary" and bound to the WAN interface.

The only way I seem to be able now to get 1:1 NAT working on x.x.x.2 and x.x.x.3/22 is by setting the 1st one to CARP and the second to OTHER…. does this make ANY sense??? It seems to work both w/CARP for a bit then the second becomes unreachable.. can switch it to OTHER then it's OK then back to CARP and it's OK....

I correctly set the /22 with CARP and the NAT rule is WAN /32 to single internal IP.

Thanks for any info!

sullrich · Jun 18, 2006, 8:00 PM

For kicks, try a /24

cheech · Jun 18, 2006, 9:47 PM

Really? My ISP/WAN subnet is 255.255.252.0….

Do you want me to try /24 for both 2 VIPs I am trying?

Right now 1st w/CARP /22 and 2nd set to OTHER seems to be holding up. Unfortunately other side is not as it crashed when I tried to create a firewall alias. I will have to wait til tomorrow to get someone to reboot that box... not sure why it didn't come back up on it's own. I should mention I am using live-cd RC1 w/floppy.

sullrich · Jun 18, 2006, 11:39 PM

#1 Install it to HD and see if it changes

If that doesn't help

#2 http://wiki.pfsense.com/wikka.php?wakka=ObtainingPanicInfoForDevelopers

cheech · Jun 19, 2006, 12:42 AM

OK I will do this. Do you still think I should try changing VIPs to /24 instead of /22 and if so what is the logic behind this (as if I would understand anyway lol.) Thanks!

sullrich · Jun 19, 2006, 12:43 AM

Yes, /24 is a shot too.

cheech · Jun 19, 2006, 7:31 AM

Wont allow me to specify this mask unless I also set my WAN IP to this and I am guessing I will have 0 connectivity at all then?