Netgate Discussion Forum

    1:1 NAT Issue

    • Derelict LAYER 8 Netgate

      some kind of bug with pfsense

      I used to let that bother me. Therapy has helped. ;)

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • amazingnessn

        @Derelict:

        What type of WAN connection do you have that allows multiple public IP addresses?

        Are you testing from inside or outside?

        Post the screen shots of your WAN interface, WAN Firewall Alias, 1:1 NAT rule, and corresponding WAN firewall rule.

        http://puu.sh/rJ7Fy/b482f4309e.png  ->Public IP 1
        http://puu.sh/rJ81c/eddeb19722.png  ->Public IP 2, I've found different posts that suggest both IP Alias and Proxy ARP, tried both
        http://puu.sh/rJ8tc/266673a949.png  ->Public IP 2, Private IP of PC
        http://puu.sh/rJ8z9/9cf43675df.png    ->Private IP of PC

        @KOM:

        I wish I had a dollar for every person who thought they found a bug in pfSense but it was really a misconfiguration.

        I don't think that it's a bug in pfsense.  I was just explaining that I know this is possible with port forwarding as well, but would like to find out what I'm doing wrong with this setup, because as far as I can tell it should be working, hence why I posted to ask someone else to be kind enough to look at my configuration.  I'm sorry that you seem to have taken offense to my previous post, but I didn't mean anything by it nor was I blaming the software.

        • Derelict LAYER 8 Netgate

          In the images you posted your 1:1 NAT entry is disabled.

          • amazingnessn

            @Derelict:

            In the images you posted your 1:1 NAT entry is disabled.

            Right, with it enabled I have horrible packet loss so it's disabled until I try something else to fix it again.

            • KOM

              with it enabled I have horrible packet loss

              How are you testing and measuring?

              • amazingnessn

                @KOM:

                with it enabled I have horrible packet loss

                How are you testing and measuring?

                I've tried different speed testing sites, all come in at ~10% of what typical results are.  Pinging any public IP (Google for example) will have several successful pings and several timeouts.  Attempting to reach any website takes significantly longer than usual, occasionally failing to load CSS or images properly.

                Disabling the rule returns functionality back to normal.

                • KOM

                  Weird.  A 1:1 NAT should have no bearing on other outgoing network traffic.  What version of pfSense, and what are you running it on?

                  • amazingnessn

                    @KOM:

                    Weird.  A 1:1 NAT should have no bearing on other outgoing network traffic.  What version of pfSense, and what are you running it on?

                    2.3.2-RELEASE-p1, had tried updating to see if that was a fix but no luck.  I'm using a Supermicro X10SLL-F motherboard, Xeon E3-1220 v3 CPU, 8 GB RAM.

                    • Derelict LAYER 8 Netgate

                      Sounds like a problem with the ISP to me. Probably time to packet capture on WAN when it is malfunctioning and see what's really going on there. Make sure all the IP addresses and MAC addresses are doing what they are supposed to be doing.

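One way to carry out the check suggested in the post above, as an added example that is not part of the original thread: a Python script that reads the text output of `tcpdump -e -n arp` taken on the WAN interface and flags any IP address that more than one MAC answers for, or that a MAC other than the expected one answers for. The sample capture, the addresses in it and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -e -n arp` output (documentation IP range,
# documentation MAC range); not captured from the poster's network.
SAMPLE_CAPTURE = """\
10:15:01.000101 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.11 tell 203.0.113.1, length 46
10:15:01.000350 00:00:5e:00:53:aa > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 42: Reply 203.0.113.11 is-at 00:00:5e:00:53:aa, length 28
10:15:01.000912 00:00:5e:00:53:bb > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 60: Reply 203.0.113.11 is-at 00:00:5e:00:53:bb, length 46
10:15:03.200000 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 203.0.113.1, length 46
10:15:03.200240 00:00:5e:00:53:aa > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 42: Reply 203.0.113.10 is-at 00:00:5e:00:53:aa, length 28
"""

# Matches only ARP replies: "<time> <src mac> > <dst mac>, ... Reply <ip> is-at <mac>"
REPLY_RE = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype ARP .*?"
    r"Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)

def arp_owners(capture_text):
    """Map each IP to the set of MACs that answered ARP for it."""
    owners = defaultdict(set)
    for line in capture_text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            owners[m.group("ip")].add(m.group("mac").lower())
    return dict(owners)

def conflicts(capture_text, expected=None):
    """Return (ip, reason, macs) for IPs with several or unexpected answering MACs."""
    expected = expected or {}
    findings = []
    for ip, macs in sorted(arp_owners(capture_text).items()):
        if len(macs) > 1:
            findings.append((ip, "multiple-macs", sorted(macs)))
        elif ip in expected and macs != {expected[ip].lower()}:
            findings.append((ip, "unexpected-mac", sorted(macs)))
    return findings

if __name__ == "__main__":
    for finding in conflicts(SAMPLE_CAPTURE):
        print(finding)
```

Pass `expected` as a mapping of each public IP to the firewall's WAN MAC to also catch the case where only the wrong device answers.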
                        • killmasta93

                        so if I understood correctly,

                        WAN-----LAN
                          |
                          |
                          |
                        VIP (email server or websites another WAN IP?)

                        1. What internet provider do you have, and is it fiber or is the WAN DHCP?
                        2. If it's fiber, usually, at least where I live, the ISP gives 5 static IPs which you can configure using VIP and using the 1:1, no issue.
                        3. If it's WAN DHCP then you need another network card because the modem of the ISP wraps around your MAC and won't let you have 2 IPs.  Then no need to 1:1, but instead you need to edit the settings on hybrid mode on outbound NAT and add the LAN IP which you want to separate and edit the NAT rules for that IP, see pictures.

                        Clipboarder.2016.10.23.png
                        Clipboarder.2016.10.23-002.png
                        Clipboarder.2016.10.23-003.png

                        Tutorials:

                        https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                        • johnpoz LAYER 8 Global Moderator

                          "I wish I had a dollar for every person who thought they found a bug in pfSense but it was really a misconfiguration."

                          hehe - if that could only go to help fund pfsense ;)

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.