Netgate Discussion Forum

    Multiple Public IP NAT to multiple webservers

    • safetynet

      Hi,

      After hitting a lot of issues with outbound PPTP with 2.0 Beta, we've rolled back to the following release:

      1.2.3-RELEASE
      built on Sun Dec 6 23:21:36 EST 2009

      However, we've hit the same issue that we upgraded to 2.0 to fix, namely we can't get to one of our internal webservers from the internet.

      We have 4 public IPs - one is the default WAN connection, and the other 3 are set up as PARP VIPs.  We only run LAN and OPT1 networks. The LAN has 2 webservers: 1 is assigned the default WAN public IP and the other is assigned one of the VIPs - NAT & firewall rules are set up for both of them.  The OPT1 interface also has a webserver sat behind it, again with a VIP assigned and appropriate NAT & firewall rules set up.

      I can access all the webservers externally, except the one with a VIP that sits on the LAN.

      So, for illustration purposes, we have the following:

      Default WAN IP: 94.123.123.1
      PARP 1: 94.123.123.2
      PARP 2: 94.123.123.3
      PARP 3: 94.123.123.4

      webserver 1 on 192.168.25.16
      webserver 2 on 192.168.25.14
      webserver 3 on 192.168.20.251 (OPT1 interface)

      I have NAT rules allowing:

      443 to 192.168.25.16  (ext 94.123.123.1)
      80 to 192.168.25.14  (ext 94.123.123.2)
      80 to 192.168.20.251 (ext 94.123.123.3)

      and associated firewall rules allowing port 80 and 443 through to the appropriate boxes.

      I can access all the webservers apart from the second one on the LAN - there are no errors in the firewall log, so is it a NAT issue - is this a known bug?

      All help very much appreciated…

      Thanks

      Jake

      • safetynet

        Just as an update - I've found that if I do a NAT translation on my default WAN address from port 8181 to port 80 and forward that as well to my problematic webserver, everything works as it should.

        So I guess then pfSense has a limitation - if you are already forwarding traffic from one public IP to a network, you can't then forward traffic from a different public IP to the same network (in my case my LAN).

        Is this documented anywhere?

        Thanks

        Jake

        • jimp Rebel Alliance Developer Netgate

          That same setup has worked fine for others, can't say offhand why it might have been problematic for you there. Are you sure anything forwarded to that particular public IP worked, no matter what its destination?

          • danny_248

            Hi There

            I need to do the exact same thing!

            How did you get this working in pfSense 2.0, as I cannot for the life of me get it to work.

            My aim: To get my multi WAN IPs forwarding to various webservers listening on port 80.

            I have: default WAN IP 0.0.0.1

            Virtual WAN IPs (PARP) 0.0.0.2, 0.0.0.3, 0.0.0.4, 0.0.0.5, 0.0.0.6

            Do I need to add 1:1 NAT rules and then add manual firewall walls? I tried this and I seem to get NAT issues and it isn't NATing to the right server. Does someone have screenshots for this, as I simply cannot get it working and would greatly appreciate some assistance on this.

            Even when I clear all of the rules and NATs to start over, my pfSense still forwards port 80 on one of the webservers even when it's told specifically to look to another. No idea how, even when all the rules are deleted.

            Help would be greatly appreciated.
            Also, I need it to NAT for outbound and inbound. Therefore the WAN IP must be for outbound and inbound on its static IP, as I could get it to route VIPs inbound but not for outbound too. For this to work I had to configure it differently. Didn't even use 1:1 NAT for this.

            Thanks in advance all

            Regards

            Dan

            • danny_248

              Forgot to add:

              One physical WAN interface and 1 physical LAN interface. Can add more if this is required for it to work correctly.

              Dan

              • danny_248

                Hi All

                You'll be pleased to hear I got this working with my 8x static IP addresses.

                Works a charm... Gotta love pfSense 2.0

                Regards

                Dan  ;D ;D :P

                • dko

                  Ok if you get it to work please mention how

                  • danny_248

                    @dko:

                    Ok if you get it to work please mention how

                    Are you running pfSense 2.0 or 1.2.3? I am running this on 2.0.

                    Daniel

                    • danny_248

                      I will post a guide on how I got this working for me.
