NAT on 27 net not working
-
Hi,
I want to use NAT outbound for HTTP/HTTPS/ICMP packet from the LAN net to the WAN net.This is the infrastrutture:
TestVM:
OS: CentOS 7
IP: 192.168.106.5/27
GW: 192.168.106.2
If i try to ping google.com the packet are lost (below the tcpdump):
PfsenseVM:
Pfsense = 2.3.2-RELEASE-p1 (amd64)
IP LAN: 192.168.106.2/27
IP WAN: 95.xxx.xxx.xxx
GW WAN: 95.xxx.xxx.xxxNAT Rules:
FW LAN Rules:
FW WAN Rules:
Any tips?
Best Regards,
Update 1: Fix typo
-
IP LAN: 192.168.106.2/24
So your network is a /24 - but you put the mask on the device in that same network as /27?? Yeah that is borked!! That is not how you do it.. If your network off pfsense is /24 then all devices in that network would use the same mask..
You can use the different cidr in your firewall rules and such.. But overall this is borked!!
192.168.106.2/24 – 192.168.106.5/27
-
Oh it's a typo on writing this post, the ip is 192.168.106.2/27.
-
Well there there is nothing wrong.. Where did you do that sniff showing traffic to 216.58.205.46? On the client sending the traffic or pfsense lan interface?
Maybe you just didn't get an answer? Sniff on your wan - did the syn go out your wan with your public IP?
-
Hi johnpoz,
I try to send ICMP request to google.com from TestVM:Capture on WAN: I can see only DNS forward request, no ICMP request / reply.
Capture on LAN: Show only DNS request.All capture is on promiscuous mode.
-
"Capture on LAN: Show only DNS request."
So you don't even see the icmp.. If your not seeing icmp getting to pfsense lan - then its never going to go out wan..
Your sure pfsense is set at your gateway on your testvm? I don't see any B hits on any of your lan rules.. Can you access pfsense web gui from your testvm?
-
Your sure pfsense is set at your gateway on your testvm?
Yes, the route show is on first post.Can you access pfsense web gui from your testvm?
Yes, below more details. -
What VM software you running on - there is some stickies on having to do some settings on some of them..