Problem NAT 1:1 on VMWARE!

pfsensevietnam · Jul 7, 2010, 1:04 PM

I have installed Pfsense 1.2.3 on Vmware machine!

Pfsense box:
WAN ADDRESS: 192.168.3.130/24
LAN ADDRESS : 10.0.0.1/8
pc on lan:
ADDRESS: 10.0.0.2/8

I disabled NAT Reflection,Block private networks on Pfsense!
I create VIP type PARP has address 192.168.3.117
when I NAT 1:1 to map ip 192.168.3.117 to 10.0.0.2 it not working correctly!
Anyone can help me solve this problem?
Thanks!

GruensFroeschli · Jul 7, 2010, 1:07 PM

What do you mean "it is not working correctly"?

what do you expect,
what do you get,
how do you test,
etc.

pfsensevietnam · Jul 7, 2010, 1:09 PM

I access port 80 to VIP 192.168.3.117 from WAN! But i can not connect to this port!
When I use port forwarding I can connect!

GruensFroeschli · Jul 7, 2010, 1:11 PM

Is the pfSense WebGUI port on port80?
Did you create a firewall rule allowing traffic in?
Is the service behind the pfSense actually running?
Did you test with another computer from the WAN side (not from the LAN side)?

pfsensevietnam · Jul 7, 2010, 1:14 PM

Pfsense WebGUI port 80 on IP 192.168.3.130
I tested from another computer on WAN!
I created firewall rule allow all to IP 192.168.3.130 on WAN Interface and rule allow all to ip 10.0.0.2 on LAN interface!

GruensFroeschli · Jul 7, 2010, 1:21 PM

This is wrong.
Delete the rule on the LAN interface.
It does nothing.

You need a single rule on the WAN:
Allow, TCP, source: any, source-port:any, destination:10.0.0.2, destination-port:80

pfsensevietnam · Jul 7, 2010, 2:57 PM

Yes! This is wrong and I solved the problem for PARP . Thank you very much!
Take problem when I change from PARP to CARP. I can not connect to port 80 at VIP 192.168.3.117!Firewall rule are same!

Can you help me to solve it?
Thanks!

GruensFroeschli · Jul 7, 2010, 1:51 PM

Did you read the note next to the field where you enter the IP of the VIP?
PARP and CARP VIPs are different in the way you enter them in the GUI.
You actually have to enter the IP to which you want to create the VIP.

pfsensevietnam · Jul 7, 2010, 1:56 PM

I have changed it!

If this is wrong, you can example value I must enter?
Thanks!

GruensFroeschli · Jul 7, 2010, 2:05 PM

Now you only have to set the correct subnet-mask.
From your first post, this is /24.

pfsensevietnam · Jul 7, 2010, 2:14 PM

Yes, I set to /24

The problem still appear! :(
I can not connect to port 80 from WAN!
I from LAN pc I ping to internet address 8.8.8.8 I lost 75% packets!
Router address of WAN Interface of Pfsense is 192.168.3.254

pfsensevietnam · Jul 7, 2010, 2:56 PM

And Pfsense screen output:

At Lan PC ping to the internet:

I used Vmware workstation 7.0.1!
Can you help me to solve this problem!
Thanks!

pfsensevietnam · Jul 7, 2010, 4:23 PM

This problem happen because ethernet device in virtual machine can not enable promiscous mode! :D