1:1 NAT problem
-
I've done it before and it was working just fine. Now I cannot seem to do a simple thing with 1:1 NAT.
I have multiple IPs available on the WAN interface. One I use for the router itself.
I have LAN and OPT1 interfaces.
LAN and OPT1 basic NAT is working.
Now, I have a virtual IP configured with the second IP on WAN.
As soon as I enable 1:1 NAT for the virtual IP to some IP on the OPT1 interface
I cannot access the Internet anymore from that OPT1 server.
I run tcpdump and see packets going IN/OUT on the WAN interface. I see
rules in pfctl -s nat but it doesn't work.
I'm sure it worked before on RC2 but I currently use RC3.
Any ideas?
-- Small update. I have 2 external IPs: x.x.x.142 and x.x.x.134
I had a server running on x.x.x.142
I take the server, change its IP from x.x.x.142 to 10.10.10.142 and plug it into OPT1
configure two ARP/P Virtual addresses on the firewall: x.x.x.134 and x.x.x.142
set 1:1 NAT from BOTH virtual IPs into 10.10.10.142
ping from outside to x.x.x.134 works
ping from outside to x.x.x.142 doesn't work
tcpdump shows that ICMP packets are coming in on my WAN interface but they are not
being forwarded to the OPT1 interface.
I did reboot the firewall - doesn't help :(
-- One more update.
I let the firewall run for about 5 hours with this 1:1 NAT config that doesn't work.
5 hours later I got the page from the server... it is working now with
both IPs. ARP cache on the provider's router/DSL equipment?
The DSL provider is SpeakEasy.
But 5 hours?!? ???
-
ProxyARP doesn't support ICMP (ping) and never did. Use CARP for this. Port forwards will work with ProxyARP.
-
I have ProxyARP virtual IPs. I couldn't configure basic port 22 forwarding from
a ProxyARP IP into the OPT1 interface.
I need 1:1 NAT anyway and it is working now, including ping (ICMP).
How does it work? Or it shouldn't work and I have to use CARP?