pfSense 1.2.3 on ESXi 4
-
Hello,
I have a strange problem with my pfSense on ESXi 4.
The physical server is a DL380 with 2 CPUs, 8G RAM, 73G SAS6 RAID5, and 2 physical 1000M NICs. The physical server has ESXi 4.0 u1 installed. The physical NICs are all connected to the same vSwitch.
The VM for pfSense has 1 virtual CPU, 512M RAM, 4G HDD, and 2 NICs, with the latest pfSense installed, working as the firewall. The network topology is:
100M connection from local ptt, 32 static IPs, 7 physical servers behind the pfSense.
The servers provide the web service to the outside. All these servers only have private IPs.
One pfSense NIC has the internet IP address and the other has a private IP in the same range as my servers. The private IP range is 10.15.188.60 to 75: the web is 60, cms is 61, im is 62, and the rest are DB. The pfSense internet IP is 58.83.226.132 and the private IP is 10.15.188.1.
On the DNS server, www is registered to 58.83.226.133, cms to 58.83.226.134, and im to 135.
What I want is: when the domain name www.domain.com is typed into the browser, pfSense redirects all of the traffic to 10.15.188.60, cms is forwarded to 61, im is forwarded to 62, etc.
But now I have set up several virtual IPs on the WAN interface, which are 133, 134, 135, 136 (CARP type). They can be pinged successfully, but when I try to use browser software such as IE, my IE shows me the pfSense configuration pages. When I change my pfSense GUI port to another one (not 80), it does not show me anything.
Is there anyone who can help me with this?
-
Must not be very important to not include the problem in the post...
Details would help.
-
Must not be very important to not include the problem in the post...
Details would help.
Sorry, I clicked the wrong button; now that is all of my problem.
-
Sounds like you are double NAT'd.
I am just getting my feet wet with more advanced networking, trying to use VLANs without having a physical managed switch, so I can't begin to comprehend ESXi. I thought that I could use ESXi as a vSwitch only, as a guest in VMware 7, and pfSense as a guest in VMware 7, since nesting VMs isn't supported. I'm limited to only a consumer device with 1 Ethernet and two WiFi adapters.
Anyway, to get to the point, in a physical environment I ran into maybe a similar problem when I connected the uplink of one router to another. Running a web server behind the second router, I was presented with the first router's web configuration page when trying to access my FQDN from within the network. I know this isn't an answer to your problem, but perhaps it may present some ideas for your answer. A similar problem happened to a customer some time ago: he phoned in for support because he couldn't get to his Windows Home Server box by typing in his domain from within the network. I asked him what his domain was so I could test it from the office, outside of his network, and I was able to access the web admin page for his WHS.
So my guess is that outside of the network, things will work the way they are supposed to, and from within the network, if you typed in the computer's private IP, you would get to the web server. If you want to stay double NAT'd (if in fact you are), then perhaps you could create an entry in your DNS records to point to the internal IP address of the web server. Or, if this is on par, create a 1:1 entry under Firewall > NAT.
Perhaps a professional with experience may be better placed to solve this problem; I'm just giving it a shot.
-
In this case you want to use 1:1 NAT settings and not the Virtual IP settings.
With the Virtual IP settings you have, you're telling pfSense to respond to the global IP addresses, but there's nothing to correlate them with the internal IP addresses.
With 1:1 NAT, I believe you shouldn't need the Virtual IP settings (although you may).