Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    1:1 NAT problem

    Scheduled Pinned Locked Moved
    NAT
    2
    3
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      svd
      last edited by

      i've done it before and it was working just fine. Now I can not seems to do simple thing with 1:1 nat.

      I have multiple IP on WAN interface available. One I use for router itself.
      I have LAN and OPT1 interfaces.
      LAN and OPT1 basic NAT is working.
      Now, I have virtual IP configured with second IP on WAN.
      As soon as I enable 1:1 NAT for Virtial IP to some IP on OPT1 interface
      i can not access Internet anymore from that OPT1 server.
      I run tcpdump and see packets going IN/OUT on WAN interface. I see
      rules in pfctl -s nat but it doesn't work.
      I'm sure it worked before on RC2 but I currently use RC3.
      Any ideas?

      – small update. i have 2 external IPs. x.x.x.142 and x.x.x.134
      i had a server running on x.x.x.142
      i take server, change IP from x.x.x.142 to 10.10.10.142 and plug it into OPT1
      configure two ARP/P Virtual addresses on firewall: x.x.x.134 and x.x.x.142
      set 1:1 NAT from BOTH virtual IPs into 10.10.10.142
      ping from outside x.x.x.134  works
      ping from outside x.x.x.142  doesn't work
      tcpdump shows that ICMP packets are coming on my WAN interface but they are not
      being forwarded into OPT1 interface.
      I did reboot firewall - doesn't help :(

      -- one more update.
      i let firewall run for about 5 hours with this config 1:1 NAT that doesn't work.
      5 hours later i've got the page from the server... it is working now with
      both IPs. ARP chache on providers router/dsl equipment?
      DSL provider is SpeakEasy.
      but 5 hours?!?  ???

      –
      S

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        ProxyARP doesn't support ICMP (ping) and never did. Use CARP for this. Portforwards will work with ProxyARP.

        1 Reply Last reply Reply Quote 0
        • S
          svd
          last edited by

          i have proxyARP virtual IPs. i couldn't configure basic port 22 forwarding from
          ProxyArp ip into OPT1 interface.
          i need 1:1 NAT anyway and it is working now including ping (ICMP).
          How does it work? or it shouldn't work and I have to use CARP?

          –
          S

          1 Reply Last reply Reply Quote 0
          • First post
            Last post