External IP addresses



  • Hello

    I cannot find what I am doing wrong.

    The below list shows the current setup of "Firewall: Virtual IP Addresses"
    I can ping using http://ping.eu/ping/ all the 89.98.9.xx IP's and see the ICMP being blocked in the "Status: System logs: Firewall" (this is fine)
    But when I try pinging any of the 51.148.46.xx IP's I do not see any log.

    I have tried changing the subnet to 29,24,34 with no luck,
    I have tried setting up 1:1 NAT to a working web server with no luck,

    --Firewall: Virtual IP Addresses--
    88.98.9.xx/29  WAN  ip alias     
    88.98.9.xx/29  WAN  ip alias   
    88.98.9.xx/29  WAN  ip alias   
    88.98.9.xx/29  WAN  ip alias     
    192.1.1.0/24  WAN  proxy arp

    51.148.46.xx/24  WAN  ip alias     
    51.148.46.xx/24  WAN  ip alias     
    51.148.46.xx/24  WAN  ip alias     
    51.148.46.xx/24  WAN  ip alias     
    51.148.46.xx/24  WAN  ip alias

    (Note all my 88.98.9.xx IP's are working fine, I am only having problems with the 51.148.46.xx IP's)



  • I have just fixed a very similar problem

    When you created the WAN interface using the 88.89.9.xx interface you created a gateway address I assume.  You will need to do this for the 51.148.46.xx subnet also.

    system/routing/gateways

    Add the gateway to the same interface but also check the advanced settings and check the "Use non-local gateway through interface specific route"
    This allowed me to have two gateways on the same interface which fixed the problem that you are referring to.  I am sure some guru around here will tell me I am completely wrong but no one ever answered my question so I offer you what little I know so far.



  • Check the routing of the 51.148.46.xx/24 addresses. Maybe they're misrouted by an ISP.
    Try a traceroute to an address of this subnet.



  • @jamet:

    I have just fixed a very similar problem

    When you created the WAN interface using the 88.89.9.xx interface you created a gateway address I assume.  You will need to do this for the 51.148.46.xx subnet also.

    system/routing/gateways

    Add the gateway to the same interface but also check the advanced settings and check the "Use non-local gateway through interface specific route"
    This allowed me to have two gateways on the same interface which fixed the problem that you are referring to.  I am sure some guru around here will tell me I am completely wrong but no one ever answered my question so I offer you what little I know so far.

    I will try this now.



  • @jamet:

    I have just fixed a very similar problem

    When you created the WAN interface using the 88.89.9.xx interface you created a gateway address I assume.  You will need to do this for the 51.148.46.xx subnet also.

    system/routing/gateways

    Add the gateway to the same interface but also check the advanced settings and check the "Use non-local gateway through interface specific route"
    This allowed me to have two gateways on the same interface which fixed the problem that you are referring to.  I am sure some guru around here will tell me I am completely wrong but no one ever answered my question so I offer you what little I know so far.

    I cannot see "Use non-local gateway through interface specific route"



  • You're running an old version of pfSense where this option is not available.
    There is no need for this option anyway in a normal setup. If there is a gateway in the 51.148.46.xx/24 subnet you should be able to add it to pfSense after you've defined at least one virtual IP of this subnet with its real mask on the WAN interface.

    However, the gateway won't be a solution for your problem, if you can't see packets arriving on the WAN interface destined for a 51.148.46.xx/24 address.
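
The on-link condition described in the post above, as an added example that is not part of the original thread and not pfSense's own code. All addresses are constructed documentation-range values standing in for the elided ones; `onlink_network` and `mask_conflicts` are hypothetical helper names.

```python
import ipaddress
from itertools import combinations

def onlink_network(gateway, interface_addrs):
    """Return the interface/VIP network that makes `gateway` on-link, else None."""
    gw = ipaddress.ip_address(gateway)
    for cidr in interface_addrs:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if gw.version != net.version or gw not in net or gw == iface.ip:
            continue
        # /31 and /32 (or /127, /128) have no separate network/broadcast address.
        tiny = net.prefixlen >= net.max_prefixlen - 1
        if tiny or gw not in (net.network_address, net.broadcast_address):
            return net
    return None

def mask_conflicts(interface_addrs):
    """Pairs of entries whose networks overlap but use different prefix lengths,
    i.e. at least one of them is not configured with its real mask."""
    found = []
    for a, b in combinations(interface_addrs, 2):
        na = ipaddress.ip_interface(a).network
        nb = ipaddress.ip_interface(b).network
        if na.version == nb.version and na.overlaps(nb) and na.prefixlen != nb.prefixlen:
            found.append((a, b))
    return found

# Constructed sample: one working WAN block and a second routed block.
WAN_ONLY = ["198.51.100.2/29"]
WITH_VIP = WAN_ONLY + ["203.0.113.10/29"]           # VIP entered with its real mask
MIXED = ["203.0.113.10/24", "203.0.113.11/29"] + WAN_ONLY  # same block, two masks

if __name__ == "__main__":
    print(onlink_network("203.0.113.9", WAN_ONLY))  # no VIP yet: gateway not on-link
    print(onlink_network("203.0.113.9", WITH_VIP))  # on-link once the VIP exists
    print(mask_conflicts(MIXED))                    # the /24 vs /29 entries disagree
```
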



  • @viragomann:

    Check the routing of the 51.148.46.xx/24 addresses. Maybe they're misrouted by an ISP.
    Try a traceroute to an address of this subnet.

    @viragomann:

    You're running an old version of pfSense where this option is not available.
    There is no need for this option anyway in a normal setup. If there is a gateway in the 51.148.46.xx/24 subnet you should be able to add it to pfSense after you've defined at least one virtual IP of this subnet with its real mask on the WAN interface.

    However, the gateway won't be a solution for your problem, if you can't see packets arriving on the WAN interface destined for a 51.148.46.xx/24 address.

    This is my WAN setup

    WAN gateway

    Gateways

    I have also contacted Zen Internet who is checking if the IP's have been misrouted.


  • LAYER 8 Global Moderator

    if the 51.148.46.xx/24 is routed to you via your transit 88.98.9.xx/29, why would you not just put the 51.148.46/24 behind pfsense.. Why are you trying to set it up as vips on your wan?



  • It's now working!

    Forgot to add 51.148.46.xx/29 to the Cisco router and set the interface. (WHAT A NOOB)

    On pfSense all that is needed is to add the IP's to "Virtual IP Addresses" and set them up on "Firewall: NAT: 1:1"

    I deleted Gateway51 from the gateway list as it's not needed

