Assign computers behind pfsense to WAN interfaces

lithgow · Apr 28, 2008, 2:11 PM

I tried to setup 1:1 NAT

My router ip is 78...105 and the ip I was wanting one of my computers to be was 78...110. In 1:1 NAT I set ip to 78...110/32 forwards to 192.168.0.220/32 but this didn't allow any traffic out from the computer, on deleting the entry it was working again.

What have I done wrong?

ps. I was told my connection is on the /29 allocation

GruensFroeschli · Apr 28, 2008, 3:54 PM

Can you show screenshots of all the pages that are relevant?
(1:1 NAT, VIP, firewall WAN and LAN)
Are you using Advanced outbound NAT?

lithgow · Apr 28, 2008, 7:04 PM

I'm using Automatic outbound NAT rule generation (IPsec passthrough).

When I tried to add a CARP VIP it informed me that I can't set that ip as its not on the same subnet.

I currently have 2 modems DMZ'd to my pfsense box, I do have the option of half-bridge but I don't think I am able to see modem status when I set this option which is the main reason I do not use it.

Thanks again for your help :)

GruensFroeschli · Apr 28, 2008, 8:04 PM

Like now it wont work because your 1:1 NATing an IP that does not exist.
–> You need to create a VIP which will be used in the 1:1 NAT rule.

Can you set the CARP-VIP again and show a screenshot of how you set it up?
Please be aware (there is a note on the config page too) that if you configure a CARP-VIP you have to set the correct subnet.
NOT /32

(also if you search the forum for this exact problem you will find http://forum.pfsense.org/index.php/topic,9057.0.html in which i wrote the solution to this problem just a few days ago)

lithgow · Apr 28, 2008, 10:22 PM

I had a look at the thread and tried to setup the VIP but I had the same problem that I had earlier…

The following input errors were detected:

* Sorry, we could not locate an interface with a matching subnet for 78.32.215.110/29. Please add an ip in this subnet on a real interface.

GruensFroeschli · Apr 28, 2008, 10:31 PM

How is your WAN set up?
Are you using the pfSense to authenticate the PPPoE?
Because this would be a Problem: PPPoE WAN's are /32 IP's.
Meaning you cannot have a CARP-Type VIP on such a WAN.

Try using a PARP-type VIP.

lithgow · May 5, 2008, 12:08 PM

Router 1 192.168.1.1 -> eth1 192.168.1.4 (DMZ) -> WAN1
Router 2 192.168.10.1 -> eth2 192.168.10.4 (DMZ) -> WAN2

I'm not using it to do pppoe.

I tried a PARP VIP but this had the same effect of no Internet access on the computer I assigned the ip to.

hoba · May 5, 2008, 7:30 PM

Reboot the device in front of the ProxyARP IP or dump it's ARP cache. Often it's just an ARP issue of the device in front of you when adding/changing virtual IPs.

lithgow · May 6, 2008, 9:00 PM

Unfortunately that didn't work either :(

So I don't really know whats going wrong here, would it work if I used pppoe? The only issue I have with that is I can't see my modems config pages and can't check what speed on the dsl I'm getting :(

lithgow · Jun 3, 2008, 8:47 AM

I am still getting this problem, I don't know if anyone can help…