Netgate Discussion Forum

    VIP on outbound NAT not accessible from other clients on same network as VIP

    HA/CARP/VIPs
    • john-arvid

      I think this belongs to this subforum, but it also belongs to NAT and Routing.

      I will try to explain my problem as well as possible. Let me know if something needs more in-depth explanation.

      public network: 8.8.8.0/24
      private network: 192.168.0.0/24

      virtual ip: 8.8.8.6/32
      user ip: 8.8.8.43/24
      webserver ip: 192.168.0.15/24
      wan interface ip: 4.4.4.2/30
      lan interface ip: 192.168.0.1/24
      opt1 interface ip: 8.8.8.1/24

      wan interface = public facing interface, static ip, upstream gateway 4.4.4.1/30
      lan interface = private facing interface, static ip, DHCP pool to users
      opt1 interface = DHCP server that gives out public ip addresses in 8.8.8.0/24 network

      VIP is set as NAT outbound for the private network.
      Port forwarding is set on the wan interface with Dest. Address = 8.8.8.6 to NAT IP 192.168.0.15 for port 80 (http)
      Access to the webserver and ping to the VIP is ok from the outside and from every interface.
      Access is not possible from the user ip 8.8.8.43 that is on the opt1 network (or from any other users on that network, except from 8.8.8.1, which is the router).

      I have done packet capturing and the only thing I see is an ARP asking who has 8.8.8.6 and to tell 8.8.8.43.

      This makes sense, but how can I set this up so that I have a Virtual IP in the same subnet as the clients, and so that the clients can be routed to the VIP?
      Or is this an impossible task?

      \JAK
