Port Forward NAT is not working
-
(Ive had NAT working before but I changed some settings and messed everything up)
Alright so before I get into anything, I am using "Proxy ARP" for Virtual IP….so maybe that is the problem, idk which to use. I made another post asking to explain the differences of the VIPs (I have the pfsense gold book and I read it but I still dont understand)
Anyway, I have a block fo 5 IPs, one is assigned to WAN interface and another I want to use to assign to a server, so I went to Firewall > NAT > Port Forward and made a port forward rule accordingly, firewall rule got created automatically. Example below,
(I blocked out IP for privacy reasons)The NAT IP is not on LAN interface, it is on OPT1 interface and I made a firewall rule to allow everything from OPT1 to LAN….remember I stated above I had this working fine a few months ago so I think the problem is due to the Virtual IP as that is what I changed.
This is the Virtual IP,
http://i.imgur.com/BMh7MMu.png
I would really appreciate if you guys could help me out with this one! Thanks!
-
Pretty sure you should be using IP alias fir the vip. and mask should be the mask you have for the IP your using - have to assume your 5 address you have are all in the same block.
then once you create the vip you would pick that as the dest in your nat rule.
-
https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
-
Pretty sure you should be using IP alias fir the vip. and mask should be the mask you have for the IP your using - have to assume your 5 address you have are all in the same block.
then once you create the vip you would pick that as the dest in your nat rule.
I changed to IP alias, I forget what to put for the mask, its on 32 by default….I checked my WAN interface and it is set to 24 so I should put 24 as well?. My 5 IPs are all on the same black, they are 96.242.131.x and they all are increments. I went back to NAT rules and it seemd to put it to that virtual IP for me now.
-
Proxy ARP VIP should have worked too. Did changing to IP Alias fix the forward? How were you testing?
-
Proxy ARP VIP should have worked too. Did changing to IP Alias fix the forward? How were you testing?
It seemed to have fix it at least for web server, I checked it by accessing my domain name myself, asking a friend to access it and using a website to check if the domain name was up and all were able to access. I asked my friend to check if he could access my external IP also and it worked. However if I try accessing my FTP server or minecraft game with external IP I can't, internal works fine…..really strange. I would like to note I have NAT reflection set to "Disabled"
-
Proxy ARP VIP should have worked too. Did changing to IP Alias fix the forward? How were you testing?
Did some more tests and for some odd reason, almost all ports are opened except for a select few.
-
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
