Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Alias IP and NAT doesn't work

    HA/CARP/VIPs
    1
    1
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      OsFrog
      last edited by

      Hello.

      I am having issues doing a pretty simple thing, and as I am running out of ideas, it's time to call some help.

      I am using PfSense 2.3.2 and want to add Virtual IPs to access my LAN, using port forwarding. I am pretty sure my problem is linked to some routing problem as my IPs aren't in the same block and I already had some problems before because of that. Let's say I want to ssh a machine from my LAN using this new IP.

      My WAN : 149.202.17x.xxx
      My Gateway : 149.202.16x.xxx
      My new IP I want to use to NAT port forward : 37.59.xxx.xxx
      The machine on the LAN I want to ssh : 192.168.0.10

      So I added my IP in Firewall > Virtual IPs

      Type : IP Alias
      WAN / Single Address / 37.59.xxx.xxx/32

      Then, I setup Firewall > NAT > Port Forward

      WAN
      TCP
      Single Host or Alias 37.59.xxx.xxx (I am using a Firewall Alias IP here)
      Destination Port Range SSH
      Redirect Target IP 192.168.0.10
      Redirect Target Port SSH
      Nat Reflection Use System Default
      Filter Rule Association Pass

      When I telnet 37.59.xxx.xxx 22, I have a timeout.

      If I add some rules on Firewall > Rules > WAN, I can activate ICMP and ping my VIP. I also manage to ssh my PfSense via this VIP if I add the according rule, but when I want to reach the LAN using NAT / Port Forwarding, it always times out.

      I tried to use CARP instead of IP Alias, same problem.

      What am I doing wrong ?

      Thank you for your time.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.