SOLVED : accessing internal network from wan side

hchady

the same message :
Sorry, we could not locate an interface with a matching subnet for 134.214.116.30/22. Please add an ip in this subnet on a real interface

note that on wan i use 134.214.116.x/22 subnet and on lan side : 192.168.10.x/24

hoba

Is your WAN VIP part of the original WAN subnet? If not CARP won't be an option here.

hchady

yes
my main internet IP adress is 134.214.116.244 /22 … in the same range

hchady

so ? it is a bugg ?

hoba

I don't have the possibility to test atm. It used to work.

hchady

i moved my LAN network from 192.168.10.0/24 to 134.214.0.0/22

now i can use CRAP for virtual IP but i still cannot ping VIP from outside.

but now i can ping them from pfsense LAN side …. strange !!

looks like NAT 1:1 working in 1 way

hoba

ICMP is not natted You have to allow icmp to your wan vip. Btw, it's CARP and not CRAP  ;)

hchady

already done, but still not working

hchady

hi,

I have downgrade to 1.0.1 release (29 october) and i have configured again CARP VIP, NAT and Rules … and it works ! I can ping VIP from outside.
i have add 3 others nated VIP, and reboot... now it dosen't work again and impossible to get it working !
firewall logs dosen't show any blocked ICMP to VIP or nated IP

Strange !! ?

hchady

I am using now 15/03 snapshot … and VIP are not pingeable from outside !!

hchady

It works now with the latest snapshot (23-03-2007) !!

but any chance to have a NAT 1:1 with apple talk compatibility ?