Netgate Discussion Forum

    1:1 NAT not working, disables outbound access

    NAT
      yakatz

      Currently, we are in the process of merging two networks together, so we added another NIC to our pfSense box.

      Some background:
      Public IPs: x.x.x.114-126
      Private Range (WAN): 192.168.118.
      Private Range (OPT1): 192.168.168.

      We started with no 1:1 NAT rules and now are trying to add them.
      The problem is that only some of the public IPs are actually coming through (they all used to work).
      The IPs are not all in one chunk, but are spread out across our block.

      Example: public.123->118.123 works; public.124->168.124 works; public.116->168.133 does not work
      ---------------------------------------------------------
      UPDATE: at the end of an eleven-hour work day, we reverted to the old SonicWall appliance we were using and found that the IPs that worked with the pfSense did not work with the SonicWall. Could this be an ISP issue?

        GruensFroeschli

        UPDATE: at the end of an eleven-hour work day, we reverted to the old SonicWall appliance we were using and found that the IPs that worked with the pfSense did not work with the SonicWall. Could this be an ISP issue?

        This could very well be.
        They probably have the MAC of the old NIC cached.

        There have been quite a lot of problems discussed here in the forum which were resolved by power cycling the ISP's router.
        Or just wait long enough for the cache to expire.

        I assume you used CARP IPs?
        Each CARP IP has its own "virtual MAC".

        @http://forum.pfsense.org/index.php/topic:

        CARP mac addresses are generated with the first five octets being 00:00:5E:00:01 and the last octet being that of the CARP VHID.  If you want to change this, it's in the kernel, I wouldn't change it unless I knew what I was doing if I were you (it's set the way it is for good reason).

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
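
One way to check for the stale-MAC situation described in the reply above, as an added example that is not part of the original thread: it derives each CARP virtual MAC from its VHID and compares it with an ARP table captured on the WAN segment. The VHID assignments, the 192.0.2.x addresses, the old-NIC MAC and the `arp -an` style sample are constructed assumptions.

```python
import re

CARP_PREFIX = "00:00:5e:00:01"  # first five octets, per the quote in the post

def carp_mac(vhid):
    """Virtual MAC for a CARP VHID: fixed prefix, VHID as the last octet."""
    if not 1 <= vhid <= 255:
        raise ValueError("CARP VHID must be in 1..255")
    return f"{CARP_PREFIX}:{vhid:02x}"

# Matches `arp -an` style lines: "? (192.0.2.116) at 00:1b:21:aa:bb:cc on em0 ..."
ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})")

def normalize(mac):
    """Lower-case and zero-pad each octet so 0:0:5e:0:1:3 compares equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_arp(text):
    """Return {ip: mac}; '(incomplete)' entries do not match and are skipped."""
    return {m["ip"]: normalize(m["mac"])
            for m in map(ARP_LINE.search, text.splitlines()) if m}

def audit(arp_text, vip_vhids):
    """Compare each virtual IP's observed MAC with its expected CARP MAC."""
    seen = parse_arp(arp_text)
    report = {}
    for ip, vhid in vip_vhids.items():
        expected = carp_mac(vhid)
        if ip not in seen:
            report[ip] = "missing"
        elif seen[ip] == expected:
            report[ip] = "ok"
        else:
            report[ip] = f"stale: seen {seen[ip]}, expected {expected}"
    return report

# Constructed sample: hypothetical VHIDs and documentation-range IPs.
VIPS = {"192.0.2.123": 1, "192.0.2.124": 2, "192.0.2.116": 3}
SAMPLE_ARP = """\
? (192.0.2.123) at 0:0:5e:0:1:1 on em0 expires in 1180 seconds [ethernet]
? (192.0.2.124) at (incomplete) on em0 expired [ethernet]
? (192.0.2.116) at 00:1b:21:aa:bb:cc on em0 expires in 1200 seconds [ethernet]
"""

if __name__ == "__main__":
    for ip, status in audit(SAMPLE_ARP, VIPS).items():
        print(ip, status)
```

A "stale" result means the neighbour still maps the public IP to a MAC other than the CARP virtual MAC, which is the cached-MAC condition the reply suggests clearing by power cycling the upstream router or waiting for the entry to expire.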

          yakatz

          Solved
          Now that I know what to search for: http://forum.pfsense.org/index.php?topic=13825.0
