Problem NAT 1:1 on VMWARE!

pfsensevietnam

I have installed Pfsense 1.2.3 on Vmware machine!

• Pfsense box:
  WAN ADDRESS: 192.168.3.130/24
  LAN ADDRESS : 10.0.0.1/8
• pc on lan:
  ADDRESS: 10.0.0.2/8

I disabled NAT Reflection,Block private networks on Pfsense!
I create VIP type PARP has address 192.168.3.117
when I NAT 1:1 to map ip 192.168.3.117 to 10.0.0.2 it not working correctly!
Anyone can help me solve this problem?
Thanks!

GruensFroeschli

What do you mean "it is not working correctly"?

what do you expect,
what do you get,
how do you test,
etc.

pfsensevietnam

I access port 80 to VIP 192.168.3.117 from WAN! But i can not connect to this port!
When I use port forwarding I can connect!

GruensFroeschli

Is the pfSense WebGUI port on port80?
Did you create a firewall rule allowing traffic in?
Is the service behind the pfSense actually running?
Did you test with another computer from the WAN side (not from the LAN side)?

pfsensevietnam

Pfsense WebGUI port 80 on IP 192.168.3.130
I tested from another computer on WAN!
I created firewall rule allow all to IP 192.168.3.130 on WAN Interface and rule allow all to ip 10.0.0.2 on LAN interface!

GruensFroeschli

This is wrong.
Delete the rule on the LAN interface.
It does nothing.

You need a single rule on the WAN:
Allow, TCP, source: any, source-port:any, destination:10.0.0.2, destination-port:80

pfsensevietnam

Yes! This is wrong and I solved the problem for PARP . Thank you very much!
Take problem when I change from PARP to CARP. I can not connect to port 80 at VIP 192.168.3.117!Firewall rule are same!

Can you help me to solve it?
Thanks!

GruensFroeschli

Did you read the note next to the field where you enter the IP of the VIP?
PARP and CARP VIPs are different in the way you enter them in the GUI.
You actually have to enter the IP to which you want to create the VIP.

pfsensevietnam

I have changed it!

If this is wrong, you can example value I must enter?
Thanks!

GruensFroeschli

Now you only have to set the correct subnet-mask.
From your first post, this is /24.

pfsensevietnam

Yes, I set to /24

The problem still appear! :(
I can not connect to port 80 from WAN!
I from LAN pc I ping to internet address 8.8.8.8 I lost 75% packets!
Router address of WAN Interface of Pfsense is 192.168.3.254

pfsensevietnam

And Pfsense screen output:

At Lan PC ping to the internet:

I used Vmware workstation 7.0.1!
Can you help me to solve this problem!
Thanks!

pfsensevietnam

This problem happen because ethernet device in virtual machine can not enable promiscous mode! :D