Adding another 1:1 NAT address doesn't work for me.
-
I've configured inbound services on separate IPs, and all is working well. The outside of my firewall is a single Ethernet adapter connected to my ISP's router. On that adapter, I have the following virtual IP addresses:
.3, .4, .5, .6, .8, .9, .10, .15, .18
These are used for DNS servers, mail servers, web servers, etc. All except the last two have worked fine for months. Yesterday, I added .15 for a test web server without issues. Today, I tried to add .18 for another test web server, and I can't get it to work.
I captured a network trace while testing a connection from the WAN network (.254) to the .18 web server (I've removed the actual IP address range):
11:28:25.564474 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
11:28:25.826951 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
11:28:26.793076 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
11:28:27.793730 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46
11:28:28.796194 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46
From what I can tell, this shows me that the firewall computer isn't responding to the IP address, as if the card doesn't have that address assigned to it.
Could it be that I can't assign more than 8 addresses for the WAN port to listen on?
Does anyone have any suggestions for the next troubleshooting step?
-
What type of virtual IP?
-
I'm using "Proxy ARP" for each single IP address.
-
Go to Diagnostics>Command and run:
ps ax |grep arp
and post the output of that.
-
Thanks for the help. Here's the output:
19081 ?? Ss 0:03.20 /usr/local/sbin/choparp fxp0 auto xxx.xxx.xxx.3/32 xxx.xxx.xxx.4/32 xxx.xxx.xxx.5/32 xxx.xxx.xxx.6/32 xxx.xxx.xxx.8/32 xxx.xxx.xxx.9/32 xxx.xxx.xxx.10/32 xxx.xxx.xxx.15/32
52623 ?? Ss 0:04.13 /usr/local/sbin/choparp rl0 auto xxx.xxx.xxx.18/32
I've hidden the actual IP range. If you'd like to see that, just let me know.
-
Looks like you have it configured on the wrong NIC? All your other IPs are on fxp0, your .18 IP is on rl0.
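
The check made by eye in the reply above can be scripted. This is an added example, not part of the original thread and not pfSense code: it reads `ps ax` output, lists each proxy-ARP address with the interface its choparp process answers on, and reports any address that is not on the expected WAN interface. The function names and the 192.0.2.x sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# choparp_vips: read `ps ax` output on stdin and print one
# "interface address" pair per proxy-ARP address.
choparp_vips() {
    awk '{
        for (i = 1; i <= NF; i++) {
            # Match the command field only, so "grep arp" itself is ignored.
            if ($i == "choparp" || $i ~ /\/choparp$/) {
                ifname = $(i + 1)   # interface choparp listens on
                # $(i + 2) is the MAC argument ("auto" in the thread)
                for (j = i + 3; j <= NF; j++) print ifname, $j
                break
            }
        }
    }'
}

# misplaced_vips WAN_IF: read `ps ax` output on stdin and print every
# proxy-ARP address bound to an interface other than WAN_IF.
misplaced_vips() {
    choparp_vips | awk -v wan="$1" \
        '$1 != wan { print $2 " is on " $1 ", expected " wan }'
}

# Constructed sample in the shape of the thread's output
# (documentation addresses stand in for the hidden range).
SAMPLE='19081 ?? Ss 0:03.20 /usr/local/sbin/choparp fxp0 auto 192.0.2.3/32 192.0.2.4/32 192.0.2.5/32 192.0.2.6/32 192.0.2.8/32 192.0.2.9/32 192.0.2.10/32 192.0.2.15/32
52623 ?? Ss 0:04.13 /usr/local/sbin/choparp rl0 auto 192.0.2.18/32
60001 ?? S+ 0:00.00 grep arp'

# Stand-alone run on the sample; on a live system use instead:
#   ps axww | misplaced_vips fxp0
printf '%s\n' "$SAMPLE" | misplaced_vips fxp0
```

An empty result means every proxy-ARP address is on the interface you named; the `ww` flags keep ps from truncating long choparp command lines.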
-
Thank you SO VERY much. I had noticed that the address wasn't in the first line, and I didn't even look at the second line.
It works great now! I can't say enough good things about this product to do it justice!