Virtual IP - works only first in the list?
-
Hi to all,
I have problem with Virtual IPs on OPT1 (pfSense 1.2.2). When I set more than one Virtual IP only first IP in the list works (I'm using VIPs for port forwarding - port TCP 443). I have set proper NAT forwarding and rules but only IP that is on the first line works (tested with all IPs).
What can cause this problem?My configuration:
(WAN) (94.XX.XX.40)
(OPT1) (95.XX.XX.35) - VIPs - .36, .37, .38, .39 (Proxy ARP, Single address)
|
pfSense
|
–---(LAN) --- 192.168.28.5 (port 443)
-
I'm not sure i understand.
Do you forward from all VIPs the same port to the same server?
-
I'm not sure i understand.
Do you forward from all VIPs the same port to the same server?This was my first try - to forward TCP 443 for .35, .36 and .37 but it works only for .35 and .36
My second try was to clear all rules for OPT1 and to forward port TCP 3389 with external IP .37 ONLY but it doesn't work again….When I change NAT to forward to the first VIP (.36) it works, if I change order in VIPs (first is .37 and second is .36) only .37 forwarding works... Sounds like a bug?
-
So you created an NAT rule for each VIP?
Did you also create a firewall rule for each VIP?
-
So you created an NAT rule for each VIP?
Did you also create a firewall rule for each VIP?Sure, I have one NAT rule for one VIP and one OPT1 rule (just to be a clear test). I have no other rules for OPT1 and port TCP 3389 (but I have rule for WAN):
Virtual IPs:
95.XX.XX.36/32 P ARP
95.XX.XX.37/32 P ARP
95.XX.XX.38/32 P ARPNAT rule:
OPT1 TCP 3389 192.168.28.5 (ext.: 95.XX.XX.37) 3389 TestRDPOPT1 rule:
TCP * * 192.168.28.5 3389 *This configuration works only when .37 is the first line in VIPs… If it is second ot third it doesn't work.
