Wan/VIP -> LAN issues
-
I have been trying very hard to figure this out. I have done a ton of reading here and can't seem to find the specific answer I am needing to fix the problem I am having.
Here is my setup
I have an ISP which has given me 5 IP addresses.
Interfaces
WAN
IP address: 66.XXX.XXX.138/29
Gateway: 66.XXX.XXX.136
LAN
IP address: 192.168.2.30/24
I have a Virtual IP
IP address: 66.XXX.XXX.140/29
PARP
What I want to do is route typical traffic from my internal users to my WAN interface, and that is working correctly right now. What I am having a problem with is that I need to route 2 specific HTTP ports to two separate internal IP addresses.
For example:
66.XXX.XXX.138 -> 192.168.2.33 *This is the WAN interface
66.XXX.XXX.140 -> 192.168.2.31 *This is the Virtual IP
I do a port forward as described in the documentation, in which I have both my WAN and my VIP specified as the sources and the corresponding IPs for the local line specified in each NAT section.
The problem is that I can access both pages internally (with NAT Reflection Check - Unchecked), but I can't seem to get an outside connection to those pages.
Can anyone give me a clue on how I can get this to work?
Thanks,
-
If you connect from the outside, do you see anything dropped in the firewall log?
Try as VIP type CARP (even if you don't need the CARP functionalities).
-
A single proxy-arp address should be added as 66.XXX.XXX.140/32 (single address, not network)
-
Changing it to CARP did the trick for me, thanks!
-
I didn't notice before, but dotdash is right.
- With PARP you need to specify the correct IP with /32 if you want to map only one IP.
- With CARP you need to specify the actual CIDR subnet of the IP, in your case /29.
PARP should work in your case too, but if you want to run services on the pfSense on this VIP, you should use CARP.
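The mask rules from this thread, written as a small pre-flight check (an added example, not part of any post here and not pfSense code). The function name `check_vip` and the 203.0.113.x addresses are assumptions: the documentation range stands in for the masked 66.XXX.XXX.x block.

```python
import ipaddress

# Constructed sample: same host octets and /29 as the thread, documentation prefix.
WAN_IF = "203.0.113.138/29"


def check_vip(wan_if, vip_type, vip):
    """Return a list of problems with one virtual IP definition (empty = OK)."""
    wan = ipaddress.ip_interface(wan_if)
    v = ipaddress.ip_interface(vip)
    problems = []

    # A VIP the upstream router cannot reach on this segment never sees traffic.
    if v.ip not in wan.network:
        problems.append(f"{v.ip} is outside the WAN subnet {wan.network}")
    if v.ip == wan.ip:
        problems.append(f"{v.ip} is already the WAN interface address")

    kind = vip_type.lower()
    if kind == "parp":
        # Thread rule: a single proxy-ARP address is entered as /32.
        # A host address with a shorter mask (host bits set) is the mistake
        # from the first post; a clean network address with a shorter mask
        # is treated here as an intentional range (assumption).
        if v.network.prefixlen < 32 and v.ip != v.network.network_address:
            problems.append(
                f"PARP single address {v.ip} should be /32, "
                f"not /{v.network.prefixlen}"
            )
    elif kind == "carp":
        # Thread rule: a CARP VIP carries the real subnet mask of the interface.
        if v.network.prefixlen != wan.network.prefixlen:
            problems.append(
                f"CARP VIP {v.ip} should use /{wan.network.prefixlen}, "
                f"not /{v.network.prefixlen}"
            )
    else:
        raise ValueError(f"unknown VIP type: {vip_type!r}")
    return problems


if __name__ == "__main__":
    for vip_type, vip in [("parp", "203.0.113.140/29"), ("parp", "203.0.113.140/32"),
                          ("carp", "203.0.113.140/29"), ("carp", "203.0.113.140/32")]:
        result = check_vip(WAN_IF, vip_type, vip)
        print(f"{vip_type.upper():4} {vip:20} {'OK' if not result else '; '.join(result)}")
```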