Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem accessing through Virtual IPs

    NAT
    2
    3
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hutchinsw
      last edited by

      Hello - Before being turned on to pfSense, I had a network that looked like this:
      1. Internet
      2. Insight Broadband Cable Modem (Static IP capable)
      3. Network switch
      4a. Mail server (Manual assigned IP: x.x.70.18)
      4b. Web server (Manual assigned IP: x.x.70.19)
      4c. Wireless Router (for internal access Manual assigned IP: x.x.70.20)

      Everything worked fine until I got hacked and decided to institute some extra security.

      Now I have a pfSense 1.2.2 firewall in the mix, but no public IPs work except the WAN assigned IP.  I created virtual IPs for the other 4 available IPs in my block but none seem to work. In fact, even with a port forward on the WAN interface to my internal web server, I get presented with the pfSense challenge for credentials.  I'm not sure if this is because the client trying to access the website is on the LAN section of the firewall or if Internet users get the same challenge at all.

      Diagram of my new network config is attached.

      As for client access to the Internet, everything works fine.  I just can't figure out how to make the public IPs work.  Do I have to put a switch in between to make the public IPs work? Sorry for my ignorance.  I've just never configured a network with a hardware firewall.  I thought it would be easier when I read about the virtual IP capability.

      I'm obviously doing something wrong.  Did I miss something or do I need to have separate firewalls for each IP. That doesn't make sense to me, but I thought I would ask.

      Any help would be greatly appreciated!
      Network_diagram.gif
      Network_diagram.gif_thumb

      1 Reply Last reply Reply Quote 0
      • S
        Supermule Banned
        last edited by

        No problem….

        Use port forwarding from the WAN interface to the IP adresses of the servers...

        Port 80 to webserver, port 25 to SMTP and so forth....

        1 Reply Last reply Reply Quote 0
        • H
          hutchinsw
          last edited by

          I'm sorry. I should have specified that I tried using port forwarding from both the WAN port and the virtual IP I created for my web server. No luck.

          I also tried a packet capture to see if the packets were being rejected by the firewall for some reason. After trying the website multiple times, I stopped the capture only to find no packets were captured.

          I think it has to do with my ISP.  I have a call in to them, but they don't work on weekends. Go figure.

          Essentially, I followed all the setup guides and then a guide I found at: http://www.digitalphotomac.com/PFsense/VirtualIP/, which seemed to explain exactly what to do.  But it still didn't work. The only difference was I am using a Cable ISP and he is using a DSL provider.  Seems that is the problem.

          I may have to purchase a different ISP to make this work, but that would be a last resort.

          Thanks for your help.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.