1:1 NAT problem



  • I've done it before and it was working just fine. Now I cannot seem to do a simple thing with 1:1 NAT.

    I have multiple IP on WAN interface available. One I use for router itself.
    I have LAN and OPT1 interfaces.
    LAN and OPT1 basic NAT is working.
    Now, I have virtual IP configured with second IP on WAN.
    As soon as I enable 1:1 NAT for the Virtual IP to some IP on the OPT1 interface,
    I cannot access the Internet anymore from that OPT1 server.
    I run tcpdump and see packets going IN/OUT on WAN interface. I see
    rules in pfctl -s nat but it doesn't work.
    I'm sure it worked before on RC2 but I currently use RC3.
    Any ideas?

    -- Small update. I have 2 external IPs: x.x.x.142 and x.x.x.134.
    I had a server running on x.x.x.142.
    I take the server, change its IP from x.x.x.142 to 10.10.10.142 and plug it into OPT1,
    configure two ARP/P Virtual addresses on the firewall: x.x.x.134 and x.x.x.142,
    set 1:1 NAT from BOTH virtual IPs into 10.10.10.142.
    ping from outside x.x.x.134  works
    ping from outside x.x.x.142  doesn't work
    tcpdump shows that ICMP packets are coming on my WAN interface but they are not
    being forwarded into OPT1 interface.
    I did reboot firewall - doesn't help :(

    -- One more update.
    I let the firewall run for about 5 hours with this 1:1 NAT config that doesn't work.
    5 hours later I got the page from the server... it is working now with
    both IPs. ARP cache on the provider's router/DSL equipment?
    DSL provider is SpeakEasy.
    But 5 hours?!?



  • ProxyARP doesn't support ICMP (ping) and never did. Use CARP for this. Portforwards will work with ProxyARP.



  • I have ProxyARP virtual IPs. I couldn't configure basic port 22 forwarding from
    a ProxyARP IP into the OPT1 interface.
    I need 1:1 NAT anyway and it is working now, including ping (ICMP).
    How does it work? Or should it not work, and I have to use CARP?

