NAT and Rule problems
-
I have installed pfSense 1.2 on a Dell PowerEdge 750 server. I have two Ethernet interfaces in this server. One interface is put on the WAN side, and the other is on the LAN. My Internet provider has provided me with a .29 mask network on an SDSL internet line. I have defined four “Other Virtual IPs” in pfSense and used them in the NAT/Rules. The problem is that I can’t reach the inside NAT/Ruled IPs from the WAN’s defined VIPs, but I can reach the pfSense interface IP. Does anyone have any idea about my problems?
-
Did you create firewall rules that allow access to the VIP's?
-
Unless those IPs are routed to your WAN IP, you'll need to use proxy ARP or CARP type VIPs, not Other.
-
I created NAT between WAN IP and LAN IP, which automatically created an access rule to the LAN IP.
Did you create firewall rules that allow access to the VIP's?
-
I got a "small" IP segment ( 193.71../29 ) with a gateway IP from my provider. I have used this range before with a SonicWall PRO.
@cmb:
Unless those IPs are routed to your WAN IP, you'll need to use proxy ARP or CARP type VIPs, not Other.
-
Take a look at the screenshot
-
Yes, I mean I tried this. Should the mask for this Proxy ARP be /32, or should it be the same mask as for my WAN IP segment (/29)?
For your information, I got access to the PF's own interface IP from the WAN. This IP is of course one inside of my WAN mask.
Take a look at the screenshot
-
Proxy ARP with /32 and CARP with your ISP mask /29.
-
Proxy ARP /32 does not function with my alternative IPs from WAN, only with PF's interface IP. CARP /29 does well with one of the alternative IPs, but the server boots many times every time I change something. I must test further… :( When I put in a 10-year-old SonicWall PRO everything works, but I can’t use this unit instead because it’s featureless. :)
Proxy ARP with /32 and CARP with your ISP mask /29.
-
Ah… When I put a unique VHID Group on every CARP IP, everything was OK... :-)