How to do Port Forwarding with Vitual IP's
-
Hi,
I am newbe to PFsense. I recently configured by pfsense with PPOE wan connection, and it does port forwarding for server which is located in the LAN. The mail server IP address is a virtual IP. This setup works fine. I planned to change my setup by making my adsl2 modem/router (Netgear) to initiate the PPOE connection and the link between the modem and Pfsense is another set of real IP address. Now the internet for the LAN is working fine, but the portforwarding is not working at all, as the modem router does not know anything about virtual ip's which are configured on pfsense. Hence in order for the pfsense to get anything about the virtual ip's the modem has to send anything which it receives on the virtual IP's to pfsense. I tried to configure some static routes on the modem/router to send everything on the modem router to pfsense. But it still does not work.
Setup 1
virtual IP Port forwarding
Internet–>modem<------------pfsense(PPOE)<------------------->LANThis setup works fine
Setup2
(PPOE connection) virtual IP port forwarding
Internet-->modem/router(netgear)--------------------pfsense<------------------>LANThis setup does not work for virtual IP
Any help will be much appreciated
Thank you
Sunny
-
What kind of VitrualIP did you use? CARP or proxyARP should work as these kind of VIPs generate Layer2 messages. Are the VIPs in the same subnet like the WAN subnet?
-
Hi Hoba,
The virtual IP are normal layer3 IP. They are not defined either as CARP or Proxy ARP. The virutal IP and all belong to different subnet..
For example
(Virtual IP with PPOE parameters configured on PFSENSE)
200.100.2.10/32
200.100.3.10/32
wanip(200.100.1.10)–----- 200.100.4.10/32 ----------------LANIn this setup where Pfsense initiates the connection, these virtual IP work fine to do the port forwarding to LAN.
But when I cange the setup to
Management IP on Pfsence WAN interface
Netgear(Modem/Router) Netgear IP (STATIC)
200.100.1.10----------------------200.100.3.10-------------------200.100.3.11 + Same Virtual IP as above-------------LAN
with same Port forw. rulesWith this setup the LAN traffic is able to go out and in as usual. But none of my port forwarding rules works.
As far I know there must be some kind of routing problem, between the Netgear(modem/router) and Pfsense. (I made the netgear(modem/router) to act as router for this setup.)Any suggestion on what to be done to make this setup work will be very helpfull
-
…
(Virtual IP with PPOE parameters configured on PFSENSE)
200.100.2.10/32
200.100.3.10/32
wanip(200.100.1.10)------- 200.100.3.10/32 ----------------LAN...
Management IP on Pfsence WAN interface
Netgear(Modem/Router) Netgear IP (STATIC)
200.100.1.10----------------------200.100.3.10-------------------200.100.3.11 + Same Virtual IP as above-------------LAN
with same Port forw. rules
...What do you mean with Virtual IPs with PPPoE? What kind of Virtual IPs did you use or how did you generate them?
I also don't understand the second scenario. Why are you making things more complex and add additional points of failure if the first configuration is working?
-
you say that you did not chanche the rules on pfsense on senario 1 and 2
so then senario 2 is brokenon senario 1 you use 200.100.3.10/32 as a vip
on senario 2 you use that ip for the lan site of the netgear router -
Clarification
1. The virtual IP are Layer 3 IP's (they are not CARP or ProxyARP form)
2. Virtual IP with PPoE is referred to as configured VIP on Pfsense and pfsense WAN interface is configured as PPoE type. ( Sorry if I was not clear)
3. The purpose of creating the scenario 2 is, when I use PPoE as WAN interface on PFsense the internet connection is very slow and when I start ntop on the WAN interface, the WAN interface is turned off and on… This downtime is longer than what I have imagined (4 to 5 min)
4. In scenario 1 PPoE connection parameters (username and password) are configured on the pfsense WAN interface. But in scenario 2 the PPoE is initiated by the Netgear Modem (username and password are configured on the modem). and I have the link form Netgear modem to Pfsense(WAN Interface). This link is configured on 200.100.3.10/30 network. That is modem Management IP 200.100.3.11 and Pfsense WAN IP (STATIC) 200.100.3.12.
5. This setup brings stability on my wan interface... and when I run ntop, the down time is reduced to 1 sec..or less. This is the reason I want to make the second setup work.