1:1 NAT not working, disables outbound access



  • Currently, we are in the process of merging two networks together, so we added another NIC to our pfSense box.

    Some background:
    Public IPs: x.x.x.114-126
    Private Range (WAN): 192.168.118.
    Private Range (OPT1): 192.168.168.

    We started with no 1:1 NAT rules and now are trying to add them.
    The problem is that only some of the public IPs are actually coming through (they all used to work).
    The IPs are not all in one chunk, but are spread out across our block.

    Example: public.123->118.123 works; public.124->168.124 works; public.116->168.133 does not work
    --------------------------------------------------------
    UPDATE: at the end of an eleven-hour work day, we reverted to the old SonicWall appliance we were using and found that the IPs that worked with the pfSense did not work with the SonicWall. Could this be an ISP issue?



  • UPDATE: at the end of an eleven-hour work day, we reverted to the old SonicWall appliance we were using and found that the IPs that worked with the pfSense did not work with the SonicWall. Could this be an ISP issue?

    This could very well be.
    They probably have the MAC of the old NIC cached.

    There have been quite a lot of problems discussed here in the forum which were resolved by power cycling the ISPs router.
    Or just wait long enough for the cache to expire.

    I assume you used CARP IPs?
    Each CARP IP has its own "virtual MAC".

    @http://forum.pfsense.org/index.php/topic:

    CARP MAC addresses are generated with the first five octets being 00:00:5E:00:01 and the last octet being that of the CARP VHID. If you want to change this, it's in the kernel, I wouldn't change it unless I knew what I was doing if I were you (it's set the way it is for good reason).
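    A small check for the stale-ARP explanation above, added here as an example and not code from the thread or from pfSense: it derives the CARP virtual MAC (00:00:5E:00:01:VHID) for each public IP and compares it with what a neighbouring host's `arp -an` table reports, so entries still answering with the old firewall's NIC MAC stand out. The VHID-per-IP map and the arp output are constructed sample data, with 203.0.113.x standing in for the thread's x.x.x.114-126 block.

```python
# Added example (not from the thread): derive the CARP virtual MAC for a VHID
# and audit a neighbour's ARP table for public IPs still bound to another MAC.
# The VHID map and the arp(8) output below are constructed sample data.
import re

CARP_OUI = "00:00:5e:00:01"


def carp_mac(vhid: int) -> str:
    """Virtual MAC for a CARP VHID: 00:00:5E:00:01:<vhid as one byte>."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be 1..255")
    return f"{CARP_OUI}:{vhid:02x}"


# Matches FreeBSD/pfSense style lines: "? (1.2.3.4) at 00:11:22:33:44:55 on em0 ..."
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)


def parse_arp(output: str) -> dict:
    """Map IP -> lowercase MAC from `arp -an` output."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(output)}


def audit(vhids: dict, arp_table: dict) -> dict:
    """Classify each public IP as 'ok', 'stale (<mac seen>)' or 'missing'."""
    result = {}
    for ip, vhid in vhids.items():
        seen = arp_table.get(ip)
        if seen is None:
            result[ip] = "missing"          # neighbour never resolved it
        elif seen == carp_mac(vhid):
            result[ip] = "ok"               # answers with the CARP virtual MAC
        else:
            result[ip] = f"stale ({seen})"  # still bound to some other NIC
    return result


# Constructed sample: .116 still resolves to a non-CARP MAC (the old appliance).
SAMPLE_VHIDS = {"203.0.113.123": 23, "203.0.113.124": 24, "203.0.113.116": 16}
SAMPLE_ARP = """\
? (203.0.113.123) at 00:00:5e:00:01:17 on em0 expires in 1190 seconds [ethernet]
? (203.0.113.124) at 00:00:5e:00:01:18 on em0 expires in 1185 seconds [ethernet]
? (203.0.113.116) at 00:0c:29:12:34:56 on em0 expires in 1170 seconds [ethernet]
"""

if __name__ == "__main__":
    for ip, state in audit(SAMPLE_VHIDS, parse_arp(SAMPLE_ARP)).items():
        print(ip, state)
```

    Run it against real `arp -an` output from a host on the same WAN segment; a "stale" entry that persists after the switchover is the symptom the reply describes, and it clears when the cache expires or the upstream router is power cycled.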



  • Solved
    Now that I know what to search for: http://forum.pfsense.org/index.php?topic=13825.0
