IP address issue
-
Hello,
I will use example addresses instead of the real addresses which are in use.
Let's say:
WAN IP: 80.80.80.1
Routed subnet onto this IP address, which is used on the WAN interface: 50.50.50.0/29
So the scenario is as follows on the pfSense:
em0 WAN: 80.80.80.1
em1 LAN: 50.50.50.1
Server which is connected to em1 LAN:
ip address 50.50.50.2
mask: 255.255.255.248
gw: 50.50.50.1
So there is NO NAT used in this case, as I have official IP addresses and do not need NAT; the server has an official static IP address from the subnet which is routed towards the primary WAN IP address 80.80.80.1.
The issue now is that when I open, for example, www.whatismyip.com from this server, I expect this address to appear: 50.50.50.2, but no, I see this address instead: 80.80.80.1
Why? What do I need to do in order to get the server's official IP address displayed instead of the pfSense WAN IP address?
Thank you
Tom
-
Please correct me if I'm wrong, but your WAN should be assigned to your "official" IP address - you cannot set that yourself. Your ISP will give that to you.
50.50.50.2 is a non-routable address assigned inside your pfsense subnet.
It looks something like:
Server -> LAN -> WAN -> ISP -> whatismyip.com
whatismyip.com will only see the routable assigned IP from your ISP (statically or dynamically) - they cannot see your internal subnet. I assume 80.80.80.1 is the IP your ISP gave you.
If your question relates to gaining access to your server from the internet, then you'll need to NAT routes from your WAN to your LAN.
-
Hello,
Thank you for the reply.
And yes, you're wrong. I mentioned that I will use "example" IP addresses and not the "real" IP addresses we are using... so in this example assume that 50.50.50.0 is an official routable subnet that is routed onto the WAN IP address, which in this example is 80.80.80.1...
I know that non-routable subnets and/or IP addresses will not be displayed using whatismyip.com... this is OK...
But in my case the WAN IP address is internet routable, and the subnet routed onto this WAN IP is also an internet routable subnet that exists in the routes through BGP routing...
Tom
-
Would you be able to provide a visual representation of this network - this may help clarify your situation in case other members have suggestions.
I'm having a hard time understanding your situation.
Sorry for the misunderstanding.
-
No problem at all, I'll try to "draw" it below:
server 50.50.50.2 --> [LAN 50.50.50.1] pfSense [WAN 80.80.80.1] --> ISP Internet
I hope that this will explain it better...
So as you can see, the server has the IP address 50.50.50.2 and the server uses 50.50.50.1 as its GW, which is the pfSense LAN, OK?
Then when I open www.whatismyip.com I am seeing the WAN IP address of the pfSense, in this case 80.80.80.1, BUT I should see the server IP, which is 50.50.50.2, OK?
And consider the IP addresses I am using in this example just as "EXAMPLE", but in the real world we are talking about routable IP addresses and subnets, so in my case we use only internet valid routable IP addresses and there is NO NAT in our case... as we have enough official IP addresses... OK
Again in short words:
WAN = single IP which we got from our ISP provider: 80.80.80.1
LAN = on this interface I have assigned an IP from the ROUTED SUBNET, which means our ISP has routed a valid subnet onto our IP address 80.80.80.1... better now?
Thank you
Tom
-
PS: I tried this : http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F
I did exactly as it was described there and it is working fine for Linux servers but not for Windows; the Linux server is coming right out onto the internet with its own IP address assigned to the NIC...
I ran some pings from the Linux server against external domains and everything is working fine... then I tried to run "cmd" and ping one official IP address from Windows and I was able to ping the IP but not the domain, and the DNS is also configured...
But I have to run a ping the first time when Windows boots up in order to see it in the ARP table on the pfSense...
So it smells like an ARP issue in this case between Windows and pfSense...
Any idea ?
Tom
-
Ran some more tests from Windows and I can only ping WAN IP addresses out on the internet, but I cannot ping the domain names, and I cannot surf using domain names and I cannot surf using IP addresses either, so all I can do from Windows is ping external domains :( WEIRD
Tom
-
ARP obviously works from what you said functions (no device will show up in the firewall ARP table until it tries to communicate out, that's just how networking functions), and the firewall is obviously passing traffic out from the Windows hosts. The issue is somewhere on your Windows host, having DNS servers that don't respond sounds like the most likely cause.
-
Hello,
You're right, I found the problem. The ISP denied DNS resolution from the subnet they routed to me, and I have disabled NAT in the pfSense and then the server used its own IP address, which was in the subnet which is denied by the ISP because that subnet belongs to us now... and before I disabled NAT the server used the pfSense WAN IP address which the ISP assigned to us, and then it worked because DNS resolution was allowed from that IP address because it belongs to the ISP.
The reason why the Linux server was OK is that Linux used 127.0.0.1 for DNS lookup; it used its own DNS server for resolution...
Thank You again !
Tom