NAT and VIPs
-
Hi Everyone,
For the life of me, I can't seem to be able to get my machines on my network to use a different VIP as their outgoing address. When I select a different address other than "Interface Address" in the outbound NAT rule, no outbound traffic can be passed.
Port forwarding (incoming) traffic to the VIPs is fine.
Any ideas?
I'm using the latest snapshot
Thanks
Update: I have discovered what is going on. I think this is a bug in pfSense 2.0. For some reason, after a reboot, I can't use my VIP (incoming or outgoing). I have to change my server to use another VIP.
-
Post the output of:
grep "nat on" /tmp/rules.debug
from Diag>Command
-
Hi cmb,
Sorry, it seems to be working fine now. For some reason, a single IP address (out of a /27 block) is refusing to work - incoming or outgoing.
I just changed my server to use another VIP and all seems well
Strange…..
It was working fine until recently. I'll do some tcpdumping and get back to you.
Thanks
-
Hi CMB,
I think this is a bug in pfSense 2.0. The same thing happened again with the second VIP - unable to do anything NAT related with it. Changing the rules back to use the first one (which caused this same problem yesterday) seems to work.
I have NAT Reflection enabled - maybe there is a bug in NAT reflection and VIPs?
Oh, forgot to mention this important point: I can access the server using the dodgy VIP from inside the LAN (as this uses the reflection rules, doesn't it?). It's just external access/outgoing that's the problem.
Thanks
-
Unlikely to be a bug; it sounds like an IP conflict most likely (or misbehaving proxy ARP on another firewall on the segment). That's been the cause of every scenario like that I've seen.
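-
One way to check the IP conflict / proxy ARP diagnosis in the last reply, as an added example that is not part of the original thread: the function below reads the text output of `tcpdump -n arp` and lists every IP address that more than one MAC has answered ARP for. The function names, the sample capture, the addresses (192.0.2.0/24) and the MACs (00:00:5e:00:53:xx) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find IPs claimed by more than one MAC in ARP replies.
# Assumed input: text output of `tcpdump -n arp` (with or without -e) on stdin.

arp_conflicts() {
    awk '
    {
        # Reply lines contain: "Reply <ip> is-at <mac>, length <n>"
        for (i = 1; i <= NF - 3; i++) {
            if ($i == "Reply" && $(i + 2) == "is-at") {
                ip = $(i + 1)
                mac = tolower($(i + 3))
                sub(/,$/, "", mac)              # strip trailing comma
                if (!((ip, mac) in seen)) {     # count each ip/mac pair once
                    seen[ip, mac] = 1
                    count[ip]++
                    macs[ip] = (macs[ip] == "" ? mac : macs[ip] " " mac)
                }
            }
        }
    }
    END {
        for (ip in count)
            if (count[ip] > 1)
                print ip ": " macs[ip]
    }' | sort
}

# Constructed sample capture: 192.0.2.10 is answered by two different MACs,
# 192.0.2.11 by one MAC only (seen twice).
sample_capture() {
    cat <<'EOF'
12:00:00.000000 ARP, Request who-has 192.0.2.10 tell 192.0.2.1, length 46
12:00:00.000120 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:01, length 46
12:00:00.000310 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:02, length 46
12:00:05.000000 ARP, Request who-has 192.0.2.11 tell 192.0.2.1, length 46
12:00:05.000140 ARP, Reply 192.0.2.11 is-at 00:00:5e:00:53:01, length 46
12:00:09.000000 ARP, Reply 192.0.2.11 is-at 00:00:5e:00:53:01, length 46
EOF
}

sample_capture | arp_conflicts
```

An address listed here with a MAC that is not the firewall's own interface is being answered for by another device on the segment, which matches the symptom of one VIP failing while the others work.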