Unable to ping VIP from pfsense web-gui
-
Hello All,
My first install of pfsense. 1.2.3 –
Delt with several firewall scenario's though, over years FYI.
Created 6 VIPs to use as lan> wan public port forwards.
Read through all of the how to's here and simply can not ping the VIP from the pfsense web-gui via the ,diagnostics-ping interface. I can ping the actual nic public ip here FYI.
I have tried adding the VIP address to allowed traffic in the firewall rules but I m sure i am missing something.
Edit: I created the VIP's as both 'other" and "Proxy-ARP" type and can not ping either.
Also can not ping any of the VIP's from sshing into the pfsense as well.
here is what i am wanting to accomplish:mail server inside pfsense 172.28.8.55
actual nic public ip xxx.xxx.xxx.66
VIP address xxx.xxx.xxx.68How do i forward the mail server ip address to the VIP/.68 ( port 143)to go out to the world for Webmail?
As said,I can not even ping the VIP from pfsense web-gui?Thanks,
Barry -
Only CARP type VIPs are pingable.
Are you sure you've set the subnet of the VIP correctly?Did you try to ping the VIP from another computer?
-
Gruens,
Thanks for the feedback.
When you say " Set the correct subnet",,You lost me.
I simply added the VIP as 'other" and also changed to Proxy-ARP. with no luck
Is this were I need to do a 1:1 Nat for the VIP,to 'bind' it to the WAN ip for example?
Were do I add subnet ? Don't remember seeing that option.
In past firewalls I always "assumed" the VIP's( public allocated by ISP) were bound to the wan address,to put it simply?
I also setup two of the created VIP's to be 'pingable' by adding them the same as you add the wan address in the firewall rules to be ICMP echo capable,for diagnostics. Still no ping responses.
Also, I am not using any sort of CARP stuff so that is not in the picture,FYI.Could you please give me a
1.
2.
3.
setup?Is there a way I should be able to do a traceroute from sshing into the pfsense box to my VIP address and hit it this way?
Also should I ever be able to see the VIP in the ifconfig command? AKA: ifconfig -a
Strange thing is when I set this up a few days ago, and had what i though was right for port forwards for the mail server I could access the WEBMAIL from NXing to my home PC from work and could in fact see/use the webmail ,,about 30 mins later it had quit. Could also telnet from remote/home pc to VIP address/pfsense port 143.
I didn't change a thing either,. As I said this is my first setup of pfsense,so things seem kinda cryptic to me in lots of things related to the setup.
As long as I have delt with this stuff, I feel like I have never been around this,,:-)Regards,
Barry -
If you are not using CARP type VIPs, then the IPs will not be pingable.
Look at the wiki-page to VIPs for more information.You dont need to do anything (like creating a 1:1 forward) for the VIP to function.
The VIP will bind to the interface on which you create it –> Not necessarily on WAN.You set the subnet on the same page on which you create the VIP.
You can use CARP-VIPs even if you dont need CARP functionality.
If you set up a VIP (any type) and forward stuff from it (and allow it with firewall rules) to a server behind it should just work.
I'm not sure i understood what your problem was.
Did you test from the outside? Did you try to access it from within your LAN?
Did you look at the pfSense wiki ( http://doc.pfsense.org )?
There are quite a few howtos.
