Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Virtual IP - works only first in the list?

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    5 Posts 2 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      unguzov
      last edited by

      Hi to all,

      I have problem with Virtual IPs on OPT1 (pfSense 1.2.2). When I set more than one Virtual IP only first IP in the list works (I'm using VIPs for port forwarding - port TCP 443). I have set proper NAT forwarding and rules but only IP that is on the first line works (tested with all IPs).
      What can cause this problem?

      My configuration:

      (WAN) (94.XX.XX.40)
      (OPT1) (95.XX.XX.35) - VIPs - .36, .37, .38, .39 (Proxy ARP, Single address)
       |
      pfSense
       |
      –---(LAN) --- 192.168.28.5 (port 443)

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        I'm not sure i understand.
        Do you forward from all VIPs the same port to the same server?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • U
          unguzov
          last edited by

          @GruensFroeschli:

          I'm not sure i understand.
          Do you forward from all VIPs the same port to the same server?

          This was my first try - to forward TCP 443 for .35, .36 and .37 but it works only for .35 and .36
          My second try was to clear all rules for OPT1 and to forward port TCP 3389 with external IP .37 ONLY but it doesn't work again….

          When I change NAT to forward to the first VIP (.36) it works, if I change order in VIPs (first is .37 and second is .36) only .37 forwarding works... Sounds like a bug?

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            So you created an NAT rule for each VIP?
            Did you also create a firewall rule for each VIP?

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • U
              unguzov
              last edited by

              @GruensFroeschli:

              So you created an NAT rule for each VIP?
              Did you also create a firewall rule for each VIP?

              Sure, I have one NAT rule for one VIP and one OPT1 rule (just to be a clear test). I have no other rules for OPT1 and port TCP 3389 (but I have rule for WAN):

              Virtual IPs:
              95.XX.XX.36/32 P ARP
              95.XX.XX.37/32 P ARP
              95.XX.XX.38/32 P ARP

              NAT rule:
              OPT1 TCP 3389 192.168.28.5 (ext.: 95.XX.XX.37) 3389 TestRDP

              OPT1 rule:
              TCP * * 192.168.28.5 3389 *

              This configuration works only when .37 is the first line in VIPs… If it is second ot third it doesn't work.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.