Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    Introducing Netgate Nexus: Multi-Instance Management at Your Fingertips.

    Virtual IP subnet IPs not expanding into NAT

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    5 Posts 2 Posters 307 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      Barnzey90
      last edited by

      Hi All, first post here.
      Having an issue with setting up Virtual IPs in a fresh install of pfSense 2.8.1 in a Hyper-V VM (MAC address spoofing is enabled, Gen 2 VM, Config version 9.0).

      We have a /30 from our provider which is setup as the default WAN.
      Our provider also routes two separate /28's over this link.
      I've setup the Virtual IPs as type "other", selected the WAN interface, Address type as network, specified the network address and set the correct subnet, and left "Disable expansion" unchecked. Which should all be fine.

      The issue I'm having is despite leaving "Disable expansion" unchecked, pfSense isn't expanding the subnet addresses into the NAT list to setup Port Forwarding. The only entry showing in the destination dropdown is "Subnet: <network address>/28 ()" whereas I should have a list of the 16 addresses and the subnet entry.

      I have previously set this up in pfSense 2.4.4 and it worked as expected, so I'm not sure what I'm missing here.

      Any help is greatly appreciated.

      1 Reply Last reply Reply Quote 0
      • B Offline
        Barnzey90
        last edited by

        In trying to diagnose this further, I've gone back in versions and found that the last stable this works in correctly is 2.7.0 it's not working in 2.7.1, 2.7.2, 2.8 and 2.8.1.

        Not sure what changed in 2.7.1, whether this is a bug or whether something was added in that requires extra settings ?

        patient0P 1 Reply Last reply Reply Quote 0
        • patient0P Offline
          patient0 @Barnzey90
          last edited by

          @Barnzey90 I tested it on latest pfSense+ and it behaves the same. It looks like a bug to me because the documentation clearly states:

          • Can be used for NAT.
          • <snip> ...
          • Can be added individually or as a subnet to make a group of VIPs.
          • Can be used with CARP, e.g. subnet routed to external CARP VIP.

          https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-comparison.html#other

          And checking ""Disable expansion" adds <noexpand></noexpand> and unchecking removes it. But there is no difference in the GUI.

          B 1 Reply Last reply Reply Quote 0
          • B Offline
            Barnzey90 @patient0
            last edited by

            @patient0 yeah that is my assumption at this point too. I read the changelog for 2.7.1 and there were a fair few changes to VIPs though nothing I can see specific to the "Other" type VIPs. Guessing something they've changed has unintentionally interfered with "Other" VIP expansion.

            patient0P 1 Reply Last reply Reply Quote 0
            • patient0P Offline
              patient0 @Barnzey90
              last edited by

              @Barnzey90 do you have an account on https://redmine.pfsense.org/ to report the issue?

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.