PPPoE WAN Multi IP Port Forward

VioletDragon

Hi folks,

Upgraded to 5 IP address however I have a IP that I get when I use PPPoE which starts with 81.150 & the 5 Static IPs are starting with 217.45 I've added them as VIPs 217.45 /29. logging into SSH and running ifconfig shows the IPs under pppoe0 as follows,

pppoe0: flags=89d1<UP,POINTOPOINT,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1492
	description: WAN
	inet6 fe80::225:90ff40%pppoe0 prefixlen 64 scopeid 0x17
	inet 81.150.18 --> 81.148 netmask 0xffffffff
	inet 217.45.13 --> 81.148 netmask 0xfffffff8
	inet 217.45.13 --> 81.148 netmask 0xfffffff8
	inet 217.45.13 --> 81.148 netmask 0xfffffff8
	inet 217.45.13 --> 81.148 netmask 0xfffffff8
	inet 217.45.13 --> 81.148 netmask 0xfffffff8

I have removed rest of the IPs due to security purposes.

Now my problem is that if I create a Port Forward rules it works internally but not externally even though I have a NAT rule. I have tried a simple Port Foward by setting it as Single IP -> Points to IP2 under Destinated -> Redirect target IP -> IP of Web Server on Port 80 to test however it works internally but not externally when trying to go to 217 WAN IP.

I have also tried 1:1 NAT but still the same problem.

Am I missing something here ? or does this mean that these new block of IPs are simpily not working?

Regards

viragomann

@VioletDragon said in PPPoE WAN Multi IP Port Forward:

Now my problem is that if I create a Port Forward rules it works internally but not externally even though I have a NAT rule. I have tried a simple Port Foward by setting it as Single IP -> Points to IP2 under Destinated -> Redirect target IP -> IP of Web Server on Port 80 to test however it works internally but not externally when trying to go to 217 WAN IP.

What to you mean with "internally" and "externally"?
Inbound and outbound?

To map an external IP to an internal statically for both directions you need to create a NAT 1:1 rule.
What does not work with that? Can you post your rules?

BTW: There is no need to assign the IP to the pfSense WAN interface, as long as you only want to forward them to internal devices or even to masquerade outbound traffic. This is only necessary if you want to use them on pfSense.

VioletDragon

@viragomann They need to accessed internally and externally, When enabling a Port Forward Rule it's only accessible internally not externally, I think the problem is that the firewall has not upgated the WAN interface, of course I can't reboot to check this until i get new PTR Records for the Mail Servers.

viragomann

@VioletDragon
If you've added a port forward rule to the WAN I'd expect, that you can access it from the internet.

The static IPs should be routed to the PPPoE IP by the ISP. But maybe there is something wrong.
To investigate, run a packet capture on WAN, while you access one of your static IPs from the internet and check if you can see the packets.

VioletDragon

@viragomann Fixed the problem by rebooting fw01, but strange thing is, WAN which had one Static IP for years since 2014 is now Dynamic but has 5 IPs on a /29 subnet. I find it strange that the WAN's IP is Dynamic but yet has 5 Statics on it. Strange

viragomann

@VioletDragon
You can ask your ISP for giving you a static IP again instead the dynamic.

VioletDragon

@viragomann Problem resolved.