Multiply Public IPs
-
Hoba, can you show me your set up? Here is my NAT 1:1 I was trying to do as well as the error I get:
Acknowledge All .:. 03-06-07 10:41:03 - [filter_load]There were error(s) loading the rules: /tmp/rules.debug:37: macro opt1 not defined/tmp/rules.debug:37: syntax error/tmp/rules.debug:38: macro opt1 not defined/tmp/rules.debug:39: macro opt1 not definedpfctl: Syntax error in config file: pf rules not loaded The line in question reads [37]: binat on $opt1 from 10.10.15.1/32 to any -> 64.20.192.187/32 .:.
Acknowledge All .:. 03-06-07 10:41:03 - [filter_load]There were error(s) loading the rules: /tmp/rules.debug:37: macro opt1 not defined/tmp/rules.debug:37: syntax error/tmp/rules.debug:38: macro opt1 not defined/tmp/rules.debug:39: macro opt1 not definedpfctl: Syntax error in config file: pf rules not loaded The line in question reads [37]: binat on $opt1 from 10.10.15.1/32 to any -> 64.20.192.187/32 .:.
-
If any one could post screen shots of there working NAT or NAT 1:1 for multiply public IPs, that would be helpful. Thx.
-
bump?
-
How do I reset my ARP cache without redoing my whole gateway? And, if someone could post a screen shot of their NAT and/or NAT 1:1 with multiply public IP's, that would be helpful.
-
delete all your existing WAN rules, restart your pfsense box
and then create new rules on WAN interface to pass trafic from any to your VIP adresses
using proxy ARP for VIP it should works but your VIP cannot be pingeable or reseolved from outside and i think there is no way to do that with pfsense -
I keep hearing it should and I believe it should, but it isn't. I am not sure what is wrong, even if I start over I would most likely be stopped here again. I cleared out my WAN2 rules, restarted the box, used proxy ARP for VIP, and set the NAT 1:1 to the right IP and I am still getting load errors. I am doing load balancing and changed the interface to the WAN2, could there be a problem were it only works on WAN?
-
Maybe just a problem of the way how you are testing? You have to test this from outside your network coming from WAN. 1:1 NATs are not nat reflected. This only works for portforwards but not for 1:1's. However you should not get these errors as alerts. Maybe having a look at your config.xml might help. Please send it to holger.bauer <at>citec-ag <dot>de and I'll throw it at a testsystem.</dot></at>
-
I have several installations with public IP ranges. Here is what I do everywhere:
One (ore two) pfsense box with at least 3 ethernet cards: WAN LAN DMZ (optional SYNC card for cluster ;-) )
WAN got ip 192.168.1.1/24
LAN got ip 172.16.1.254/16 (anything RFC1918 compliant)
DMZ got the public range.The big step is to call you ISP and to explain to the technical staff to disable the NAT function on your WAN router and to put a static route for you public IP range pointing to your WAN IP.
so it looks like:
ISP-ROUTER : 192.168.1.254/24
|
|
|192.168.1.1/24
PF SENSE–----------------DMZ X.X.X.X public IP range
| 172.16.1.254(rfc1918 lan range)
|
LANBy this way you are master of your whole public range, you can filter the traffic as it pass through pfSense and continue using good things like synproxying.
-
Well, I got it working last week. Not sure what was different. Would having NAT rules and NAT 1:1 (of the same IPs) cause a problem? that is the only thing I can thing of. I was going out one internet line to come in the other (1 line has 1 IP the other has 5). So it is working now. Everything is working now. Hoba, any chance there might be a way to transparent proxy a load balance system in the future? Just wondering.
-
With the current implementation of loadbalancing probably not but I might be wrong. Who knows ;)