External IP addresses

MrV0

Hello

I cannot find what I am doing wrong.

The below list shows the currant setup of "Firewall: Virtual IP Addresses"
I can ping using http://ping.eu/ping/ all the 89.98.9.xx IP's and see the ICMP being blocked in the "Status: System logs: Firewall" (this is fine)
But when I try pinging any of the 51.148.46.xx IP's I do not see any log.

I have tried changing the subnet to 29,24,34 with no luck,
I have tried setting up 1:1 NAT to a working web server with no luck,

–Firewall: Virtual IP Addresses--
88.98.9.xx/29  WAN  ip alias     
88.98.9.xx/29  WAN  ip alias   
88.98.9.xx/29  WAN  ip alias   
88.98.9.xx/29  WAN  ip alias     
192.1.1.0/24  WAN  proxy arp

51.148.46.xx/24  WAN  ip alias     
51.148.46.xx/24  WAN  ip alias     
51.148.46.xx/24  WAN  ip alias     
51.148.46.xx/24  WAN  ip alias     
51.148.46.xx/24  WAN  ip alias

(Note all my 88.98.9.xx IP's are working fine, I am only having problems with the 51.148.46.xx IP's)

jamet

I have just fixed a very similar problem

When you created the WAN interface using the 88.89.9.xx interface you created a gateway address I assume.  You will need to do this for the 51.148.46.xx subnet also.

system/routing/gateways

Add the gateway to the same interface but also check the advanced settings and check the "Use non-local gateway through interface specific route"
This allowed me to have two gateways on the same interface which fixed the problem that you are referring to.  I am sure some guru around here will tell me I am completely wrong but no one ever answered my question so I offer you what little I know so far.

viragomann

Check the routing of the 51.148.46.xx/24 addresses. Maybe they're miss-routed by an ISP.
Try a traceroute to an address of this subnet.

MrV0

@jamet:

I have just fixed a very similar problem

When you created the WAN interface using the 88.89.9.xx interface you created a gateway address I assume.  You will need to do this for the 51.148.46.xx subnet also.

system/routing/gateways

Add the gateway to the same interface but also check the advanced settings and check the "Use non-local gateway through interface specific route"
This allowed me to have two gateways on the same interface which fixed the problem that you are referring to.  I am sure some guru around here will tell me I am completely wrong but no one ever answered my question so I offer you what little I know so far.

I will try this now.

MrV0

@jamet:

I have just fixed a very similar problem

When you created the WAN interface using the 88.89.9.xx interface you created a gateway address I assume.  You will need to do this for the 51.148.46.xx subnet also.

system/routing/gateways

Add the gateway to the same interface but also check the advanced settings and check the "Use non-local gateway through interface specific route"
This allowed me to have two gateways on the same interface which fixed the problem that you are referring to.  I am sure some guru around here will tell me I am completely wrong but no one ever answered my question so I offer you what little I know so far.

I cannot see "Use non-local gateway through interface specific route"

viragomann

You're running an old version of pfSense where this option in not available.
There is no need for this option anyway in a normal setup. If there is a gateway in the 51.148.46.xx/24 subnet you should be able to add it to pfSense after you've defined at least one virtual IP of this subnet with its real mask on the WAN interface.

However, the gateway won't be a solution for your problem, if you can't see packets arriving on the WAN interface destined for a 51.148.46.xx/24 address.

MrV0

@viragomann:

Check the routing of the 51.148.46.xx/24 addresses. Maybe they're miss-routed by an ISP.
Try a traceroute to an address of this subnet.

@viragomann:

You're running an old version of pfSense where this option in not available.
There is no need for this option anyway in a normal setup. If there is a gateway in the 51.148.46.xx/24 subnet you should be able to add it to pfSense after you've defined at least one virtual IP of this subnet with its real mask on the WAN interface.

However, the gateway won't be a solution for your problem, if you can't see packets arriving on the WAN interface destined for a 51.148.46.xx/24 address.

This is my WAN setup

WAN gateway

Gateways

I have also contacted Zen Internet who is checking if the IP's have been miss-routed.

johnpoz

if the 51.148.46.xx/24 is routed to you via your transit 88.98.9.xx/29, why would you not just put the 51.148.46/24 behind pfsense.. Why are you trying to set it up as vips on your wan?

MrV0

Its now working!

Forgot to add 51.148.46.xx/29 to the Cisco router and set the interface. (WHAT A NOOB)

On pfSense all what is needed is to add the IP's to "Virtual IP Addresses" and set them up on "Firewall: NAT: 1:1"

I deleted Gateway51 from the gateway list as its not needed