Virtual IP with manual Outbound NAT = No internet
-
Did you specify that all Public LAN traffic uses the second gateway, under the rule's Display Advanced options?
-
I specified the gateway under the default allow all rule. I did not specify it under all of the rules. Here is what I have:
The top 2 rules allow access to workstations on the private LAN. I just realized when I looked at it that my 4th rule may be redundant.
-
Your 4th rule is irrelevant since inter-LAN traffic never hits the router.
Can you post updated screenshot of your outbound NAT?
-
I have my outbound NAT set back to automatic. Since I don't have a virtual IP set up any more, the rules had reverted back to default anyway.
-
It's starting to get confusing now. Do you still have .123 defined as a second WAN? Do you have rule(s) that direct traffic to one WAN versus another? If your outbound NAT is set to Auto, then you should have more than the default NAT rules there.
-
Here is what I have done and where we are at:
- I removed the .123 address as a virtual IP.
- I set Outbound NAT back to Auto.
- I created a new gateway with the .123 address called NTS_FIBER_PUBLIC.
- I edited the "Allow to any" firewall rule under the Public LAN and specified the new .123 gateway.
So in effect I reverted everything back to before I started trying to get the second IP to work, then made the changes we have discussed.
-
OK, I misspoke and confused things when I referred to it as another "gateway". You only have the one gateway via the one ISP. My brain hurts on Mondays…
Create a virtual IP - IP Alias for your .123 address. Then you should be able to change your Outbound NAT to Hybrid and add a rule:
WAN 192.168.10.0/24 * * * a.b.c.123 * Randomize
-
OK, I removed all the gateway stuff and created a virtual IP again.
I am starting to believe that my virtual IP simply isn't coming up, as in it's never registering with my ISP.
I tried to create a simple rule to pass ICMP through and cannot ping from outside my network. If I change it to my WAN address, I can ping no problem.
-
Create the virtual IP address on WAN. I would use type IP Alias to start.
In Diagnostics > Ping, ping your ISP gateway address. For source address, select the VIP.
If that does not work, call your ISP.
If it does work, do the same thing to 8.8.8.8 or something.
If that works it should all work fine and you can move to your outbound NAT config.
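-
Added example, not part of the original thread: the source-address ping test from the post above, scripted for the pfSense shell as a staged check that reports where the virtual IP stops working. The function names and the 192.0.2.x addresses are constructed for illustration; `ping -S` is the FreeBSD syntax for choosing the source address.

```shell
#!/bin/sh
# Staged reachability check for a WAN virtual IP (added example).
# Assumes FreeBSD ping/ifconfig as found on pfSense.
# Usage (constructed addresses): ./check_vip.sh 192.0.2.123 192.0.2.1

# probe SRC DST -> exit 0 if DST answers pings sourced from SRC
probe() {
    ping -c 3 -S "$1" "$2" >/dev/null 2>&1
}

# check_vip VIP GATEWAY [REMOTE]
# Prints one verdict and returns a distinct status per stage:
#   0 ok, 1 vip-not-configured, 2 gateway-unreachable, 3 remote-unreachable
check_vip() {
    vip=$1 gw=$2 remote=${3:-8.8.8.8}

    # Stage 0: the alias must be bound to an interface at all.
    # -F keeps the dots in the address literal; the trailing space
    # stops 192.0.2.12 from matching 192.0.2.123.
    if ! ifconfig | grep -qF "inet $vip "; then
        echo "vip-not-configured"; return 1
    fi

    # Stage 1: ISP gateway, sourced from the VIP. A failure here means
    # the upstream is not delivering traffic for the address (the
    # thread's advice at this point: call the ISP).
    if ! probe "$vip" "$gw"; then
        echo "gateway-unreachable"; return 2
    fi

    # Stage 2: a host beyond the gateway, still sourced from the VIP.
    if ! probe "$vip" "$remote"; then
        echo "remote-unreachable"; return 3
    fi

    # Both stages pass: the VIP is live, so outbound NAT can use it.
    echo "ok"
}

# Run only when addresses were supplied on the command line.
if [ "$#" -ge 2 ]; then
    check_vip "$@"
fi
```

Only once this returns `ok` is it worth debugging the outbound NAT rule; any earlier failure is below the NAT layer.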
-
Thanks for the tip! I was trying to find an easy way to verify that my virtual IP was actually working. It's not.
I will call my ISP and see if they can help me out. Thank you both for your time.