How can I achieve this with my current setup?

orientalsniper · Jul 29, 2013, 6:25 PM

I just enabled NAT back, but laptop can't ping any external sites.

Here's album:

http://imgur.com/a/PJCsF

External IP(/27) and Virtual IP are the same.

stephenw10 · Jul 29, 2013, 6:33 PM

Ok.
In the first page you said you wanted the public IPs actually assigned to the internal machines but here you are trying to 1:1 NAT to private IPs. You should be able to either but decide which way you need to go. 1:1 NAT is going to be easier to setup, a bit tedious but with only 20 clients do-able. However some software insists on having a public IP and won't run behind 1:1 NAT.

Steve

orientalsniper · Jul 29, 2013, 6:38 PM

Ok, sorry!

With NAT, internet connection works, but the laptop is using xxx.xxx.xxx.98 as public IP (pfSense WAN IP).

Well, I can go either way, as long the outbound connection uses a different IP for every computer. My current setup with my clients are using a public IP for each, but different ISP (different IP's), so I guess maybe we should try this way?

orientalsniper · Jul 29, 2013, 6:41 PM

wow ok, whatismyip.org just reported my IP as xxx.xxx.xxx.99 ??? I'm going to try now with a simple 5 port switch with another computer. Let me report back, thanks.

stephenw10 · Jul 29, 2013, 6:51 PM

Your virtual IP should be /32 (a single IP) since you have 1:1 NATed it to a single internal IP. Setup 20 VIPs, one for each internal device.
It may be possible to do the entire /27 range, though I've never done that and there would be a conflict with the WAN address.

Steve

orientalsniper · Jul 29, 2013, 8:07 PM

;D http://i.imgur.com/pV1T3wv.jpg

Now to the other issue, I don't have internet connection nor I can access WebGUI in host machine (where VM is running), but LAN interface is getting an IP from DHCP from pfSense VM.

stephenw10 · Jul 29, 2013, 10:10 PM

Hmm, I think we'll need some more details there. What is the host OS? What virtualisation software are you using? How many NICS?

Steve

kejianshi · Jul 29, 2013, 10:17 PM

"I don't have internet connection nor I can access WebGUI in host machine (where VM is running)" :o :'( :D
'Thats the first time "VM" has come up…

orientalsniper · Jul 29, 2013, 10:25 PM

haha, sorry for abusing you :D

I'll read it into it more and see if I can figure it out. For now pfSense in the VM is working properly. Will report anyway. Thanks.

kejianshi · Jul 29, 2013, 10:51 PM

Its no big deal - I never asked what is physical and what is virtual. These days, it should probably be a standard question I ask up front. So, did you get that info? OSes involved, VM type (vmware, virtual box?), etc.

orientalsniper · Jul 30, 2013, 5:35 PM

It's a Windows 7 running VirtualBox, there are 2 physical NIC's, 1 Wireless Card.

In the VM Side, Wan is bridged to 1st NIC, LAN is bridged to 2nd NIC. For now Wireless is isolated.

I haven't had time yet to keep testing, I will report as soon as possible.

stephenw10 · Jul 30, 2013, 9:30 PM

You did show a virtual environment in your first diagram, it just wasn't clear to me how things were connected.

It's hard to say quite what the issue here is. How does Windows see the NICs? If the host is receiving an IP from the pfSense DHCP server but still cannot access the webGUI I would suggest it is defaulting to using the wrong NIC. It would not be able to do so via the pfSense WAN unless you have enabled firewall rules to allow it. If the other NIC is not setup in Windows correctly then that would explain why it cannot get internet access.

Steve

orientalsniper · Jul 31, 2013, 3:24 PM

Let put that asides for a moment, do you know why after changing LAN from default (192.168.1.1) to anything else (ie. 10.0.0.0), I can't access WebGUI or have internet access.

stephenw10 · Jul 31, 2013, 4:08 PM

From where?

Did you refresh any dhcp leases?

It's sometimes necessary to restart the pfSense box to flush any references to the old address, or at least that's the easiest way.

Steve

orientalsniper · Aug 1, 2013, 4:28 PM

I solved it, I took out TCP/IP in host (Windows) and used internet connection to connect to WebGUI.

But I got another issue, Virtual IP and Nat 1:1 is working fine in all the computers, except a Ricoh Printer (MPC2050), every computer in Lan can ping it (10.0.0.99), but none can ping its external ip (xxx.xxx.xxx.99). Even the printer itself can't ping anything outside.

stephenw10 · Aug 1, 2013, 7:23 PM

Hmm. Is the printer using DHCP or statically assigned? Has the printer previously been shown to work in this sort of setup? Can you print to it?

Steve

orientalsniper · Aug 1, 2013, 7:39 PM

Before this setup, I could access it from anywhere (HTTP).

Printer has 10.0.0.99 assigned, every LAN computer is able to access it and print with it.

Public IP is linked through Virtual IP with NAT 1:1 to internal IP.

kejianshi · Aug 1, 2013, 8:07 PM

Stephenw10 is the most patient man I've never met. Its pretty much good to go now?

stephenw10 · Aug 1, 2013, 9:25 PM

Thanks! I try not to get hostile, it really doesn't help anybody.

If the printer has a statically assigned IP perhaps it has incorrect gateway info or DNS or subnet. I assume the printer has no command line that might give a useful output when you try to ping. Does it have any error message other than 'ping failed'?

Steve

Edit: Typo

orientalsniper · Aug 1, 2013, 9:21 PM

The IP's are assigned by mappings of the DHCP server, here is a photo of the printer network setup.