AWS on pfSense. What's the proper config for routing?
-
Confirmed LAN is on static and set to 172.30.3.10. I might have switched to manual NAT before choosing Advanced during this debugging process. Very possible. Not seeing anything that corresponds to that subnet anywhere in the Routing section under System. No idea where that's coming from.
Manually added and still no ping out.
| Int | Source | Source Port | Dest | Dest Port | NAT Address | NAT Port | Static Port | Desc | Actions |
|---|---|---|---|---|---|---|---|---|---|
| WAN | 172.16.3.0/24 | * | * | * | WAN address | * | | | |

Also ran another packet capture and it's still not translating.
-
@derelict Shouldn't the WAN address be the elastic IP address AWS assigned me instead of the public subnet IP address?
-
No. The VPC NATs from the interface IP address to the Elastic IP on the igw.
-
@derelict Well, then I'm out of ideas. Thanks for trying.
-
How about you post screen shots. Something might not be set how you think it is.
LAN, WAN, Outbound NAT.
Maybe a screen shot of the states filtered on the interesting traffic.
Are you getting any alerts on the dashboard that the rule set isn't loading or anything like that?
-
@derelict I really hate stupid things that defy explanation. I just changed the manual NAT rule source address to any from the 172.16.3.0/24 network and ping started going through. I changed it back to 172.16.3.0/24 and it's still working. It's times like these I wish I had picked a different career.
-
Maybe didn't hit apply? Were you running a continuous ping and didn't stop/start it after changing outbound NAT?
-
@derelict Yes, it was continuous.
-
Then changing NAT would not affect the already-established state. You would have had to stop and restart the ping or kill states.
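
Added example, not part of the thread and not pfSense code: a minimal Python model of the behaviour described in the reply above, where a flow's translation is decided when its state is created and later rule changes do not touch it. The host address, target, WAN address and ICMP ids are constructed sample values; the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field

WAN_ADDR = "10.0.0.10"   # constructed placeholder for the WAN interface address

@dataclass
class NatRule:
    source: str          # CIDR matched against the packet source
    nat_address: str     # address the source is rewritten to

@dataclass
class Firewall:
    rules: list = field(default_factory=list)
    states: dict = field(default_factory=dict)   # flow key -> source seen on the wire

    def send(self, src, dst, icmp_id):
        """Return the source address the packet carries after leaving WAN."""
        key = (src, dst, icmp_id)
        if key not in self.states:               # only the first packet walks the rules
            self.states[key] = self._translate(src)
        return self.states[key]                  # later packets reuse the state

    def _translate(self, src):
        for rule in self.rules:
            if ipaddress.ip_address(src) in ipaddress.ip_network(rule.source):
                return rule.nat_address
        return src                               # no rule matched: leaves untranslated

    def kill_states(self, source_net):
        """Drop every state whose source is inside source_net; return the count."""
        net = ipaddress.ip_network(source_net)
        doomed = [k for k in self.states if ipaddress.ip_address(k[0]) in net]
        for k in doomed:
            del self.states[k]
        return len(doomed)

def demo():
    fw = Firewall()
    host, target = "172.16.3.25", "192.0.2.1"        # constructed sample addresses
    seen = [fw.send(host, target, icmp_id=7)]        # ping starts before the rule exists
    fw.rules.append(NatRule("172.16.3.0/24", WAN_ADDR))  # rule added and applied
    seen.append(fw.send(host, target, icmp_id=7))    # same continuous ping: old state
    seen.append(fw.send(host, target, icmp_id=8))    # ping stopped and restarted
    fw.kill_states("172.16.3.0/24")
    seen.append(fw.send(host, target, icmp_id=7))    # old flow after killing states
    return seen

if __name__ == "__main__":
    print(demo())
```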
-
@derelict Yup, rookie move. Thanks for shepherding me around. Now on to 1:1 NAT. I hope it's not as complicated as this process took. Any configuration guides you can point me to?
-
@joshuamichaelsanders 1:1 NAT for what?
-
@derelict Host a web server, mail server, etc.