Netgate Discussion Forum

    NAT and VIPs

      jonnytabpni

      Hi Everyone,

      For the life of me, I can't seem to be able to get the machines on my network to use a different VIP as their outgoing address. When I select an address other than "Interface Address" in the outbound NAT rule, no outbound traffic can be passed.

      Port forwarding (incoming) traffic to the VIPs is fine.

      Any ideas?

      I'm using the latest snapshot

      Thanks

      Update: I have discovered what is going on. I think this is a bug in pfSense 2.0. For some reason, after a reboot, I can't use my VIP (incoming or outgoing). I have to change my server to use another VIP.

        cmb

        Post the output of:

        grep "nat on" /tmp/rules.debug

        from Diag>Command

          jonnytabpni

          Hi cmb,

          Sorry, it seems to be working fine now. For some reason, a single IP address (out of a /27 block) is refusing to work - incoming or outgoing.

          I just changed my server to use another VIP and all seems well.

          Strange…..

          It was working fine until recently. I'll do some tcpdumping and get back to you.

          Thanks

            jonnytabpni

            Hi CMB,

            I think this is a bug in pfSense 2.0. The same thing happened again with the second VIP - unable to do anything NAT related with it. Changing the rules back to use the first one (which caused this same problem yesterday) seems to work.

            I have NAT Reflection enabled - maybe there is a bug in NAT reflection and VIPs?

            Oh, forgot to mention this important point: I can access the server using the dodgy VIP from inside the LAN (as this uses the reflection rules, doesn't it?). It's just external access/outgoing that's the problem.

            Thanks

              cmb

              Unlikely to be a bug; sounds like an IP conflict most likely (or misbehaving proxy ARP on another firewall on the segment). That's been the cause of every scenario like that I've seen.

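The diagnosis in the last reply (an IP conflict, or another device answering ARP for the VIP) can be checked from a packet capture. The following is an added example, not part of the original thread: it reads the text output of `tcpdump -e -n arp` and lists any MAC other than the firewall's that claims a VIP. The addresses, MACs and capture lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# `tcpdump -e` prints the Ethernet source MAC right after the timestamp.
SRC_RE = re.compile(rf"^\S+\s+({MAC})\s+>", re.I)
REPLY_RE = re.compile(rf"Reply ({IP}) is-at ({MAC})", re.I)
REQUEST_RE = re.compile(rf"Request who-has {IP}(?: \({MAC}\))? tell ({IP})", re.I)


def arp_claims(lines):
    """Map each IP to the set of MACs seen claiming it in the capture text."""
    claims = defaultdict(set)
    for line in lines:
        reply = REPLY_RE.search(line)
        if reply:
            claims[reply.group(1)].add(reply.group(2).lower())
            continue
        # A request advertises the sender's own IP ("tell"), gratuitous ARP included.
        req, src = REQUEST_RE.search(line), SRC_RE.match(line.strip())
        if req and src:
            claims[req.group(1)].add(src.group(1).lower())
    return claims


def find_conflicts(lines, vips, firewall_macs):
    """Return {vip: [MACs]} for VIPs claimed by a MAC that is not the firewall's."""
    expected = {m.lower() for m in firewall_macs}
    claims = arp_claims(lines)
    return {v: sorted(claims[v] - expected) for v in vips if claims.get(v, set()) - expected}


# Constructed capture: documentation addresses (203.0.113.0/27) and made-up MACs.
SAMPLE = """\
10:15:01.100000 00:00:5e:00:53:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.5 tell 203.0.113.1, length 46
10:15:01.100300 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype ARP (0x0806), length 42: Reply 203.0.113.5 is-at 00:00:5e:00:53:01, length 28
10:15:01.100900 00:00:5e:00:53:99 > 00:00:5e:00:53:aa, ethertype ARP (0x0806), length 60: Reply 203.0.113.5 is-at 00:00:5e:00:53:99, length 46
10:15:02.000000 00:00:5e:00:53:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.6 tell 203.0.113.1, length 46
10:15:02.000200 00:00:5e:00:53:01 > 00:00:5e:00:53:aa, ethertype ARP (0x0806), length 42: Reply 203.0.113.6 is-at 00:00:5e:00:53:01, length 28
10:15:03.000000 00:00:5e:00:53:77 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.7 tell 203.0.113.7, length 46
""".splitlines()

if __name__ == "__main__":
    vips = ["203.0.113.5", "203.0.113.6", "203.0.113.7"]
    for vip, macs in find_conflicts(SAMPLE, vips, ["00:00:5E:00:53:01"]).items():
        print(f"{vip} is also claimed by {', '.join(macs)}")
```

A VIP that appears in the result is being answered for by some other device on the segment, which matches the symptom of one address out of the block failing for both inbound and outbound NAT.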