Assign computers behind pfsense to WAN interfaces
-
1:1 NAT is bidirection.
If you 1:1 NAT something then it will always go out the WAN from which the mapping is.
-
I tried to setup 1:1 NAT
My router ip is 78...105 and the ip I was wanting one of my computers to be was 78...110. In 1:1 NAT I set ip to 78...110/32 forwards to 192.168.0.220/32 but this didn't allow any traffic out from the computer, on deleting the entry it was working again.
What have I done wrong?
ps. I was told my connection is on the /29 allocation
-
Can you show screenshots of all the pages that are relevant?
(1:1 NAT, VIP, firewall WAN and LAN)
Are you using Advanced outbound NAT? -
I'm using Automatic outbound NAT rule generation (IPsec passthrough).
When I tried to add a CARP VIP it informed me that I can't set that ip as its not on the same subnet.
I currently have 2 modems DMZ'd to my pfsense box, I do have the option of half-bridge but I don't think I am able to see modem status when I set this option which is the main reason I do not use it.
Thanks again for your help :)
-
Like now it wont work because your 1:1 NATing an IP that does not exist.
–> You need to create a VIP which will be used in the 1:1 NAT rule.Can you set the CARP-VIP again and show a screenshot of how you set it up?
Please be aware (there is a note on the config page too) that if you configure a CARP-VIP you have to set the correct subnet.
NOT /32(also if you search the forum for this exact problem you will find http://forum.pfsense.org/index.php/topic,9057.0.html in which i wrote the solution to this problem just a few days ago)
-
I had a look at the thread and tried to setup the VIP but I had the same problem that I had earlier…
The following input errors were detected:
* Sorry, we could not locate an interface with a matching subnet for 78.32.215.110/29. Please add an ip in this subnet on a real interface.
-
How is your WAN set up?
Are you using the pfSense to authenticate the PPPoE?
Because this would be a Problem: PPPoE WAN's are /32 IP's.
Meaning you cannot have a CARP-Type VIP on such a WAN.Try using a PARP-type VIP.
-
Router 1 192.168.1.1 -> eth1 192.168.1.4 (DMZ) -> WAN1
Router 2 192.168.10.1 -> eth2 192.168.10.4 (DMZ) -> WAN2I'm not using it to do pppoe.
I tried a PARP VIP but this had the same effect of no Internet access on the computer I assigned the ip to.
-
Reboot the device in front of the ProxyARP IP or dump it's ARP cache. Often it's just an ARP issue of the device in front of you when adding/changing virtual IPs.
-
Unfortunately that didn't work either :(
So I don't really know whats going wrong here, would it work if I used pppoe? The only issue I have with that is I can't see my modems config pages and can't check what speed on the dsl I'm getting :(
-
I am still getting this problem, I don't know if anyone can help…
