AON is not working for me using 2.0 RC1
-
Hi,
I created AON to use the specified translation ip address 206.85.25.68 to all outbound traffic from my LAN going to the internet. however when I do an ip address check It still using the WAN interface IP address which is the 206.85.25.66 . What is wrong with my setup?
Any suggestion would be greatly appreciated.
Thanks.
-
Have you added that ip-address as virtual-ip? And more specific as CARP virtual.
-Miika
-
Yes it was added as Virtual IP CARP.
-
Ok, is it working now?
I mean, that there might be a little change of old states have been using old gateway and now all of those states have died.
Or have have you resetted your state table after this AON rule? -
I mean the VIP CARP was added before I setup the AON, still not working.
-
Is your modem at bridging mode?
-
No it's not on bridging mode, however I setup other interface in my pfsense as bridge mode to WAN interface. Also I have 1:1 NAT setup for our email server, the 1:1 NAT works but not the AON.
-
I didn't talk about firewall ;D. I asked your modem status?
-
Sorry, for my modem no it is not on bridging mode. :)
-
Is it possible to put it in bridging mode?
If i'm right here( others may provide more info), bridging mode is needed for using several ip-addresses. At least that is what i've learned in past.
If you're using modem in routing mode, then you already do network address translation(NAT) in that modem, and it turns automatically everyclient to the single public ip-address. -
I am not sure it might not be possible for me, we actually don't have a modem our internet connection is in fiber optic line from that line there is a Fiber line box and from that box there is a small media converter box that convert fiber connection to RJ45 connection. So our PFSense box is connected to that media converter. I know our IP address is not on bridge mode this is what our ISP told me, we have a range of static IP address.
-
Does your ISP provide LAN or WAN side ip-addresses from that fiber box?
If they provide LAN side addresses, then i'm out of knowledge, these fiber boxes is something which I haven't see at all
If they provide WAN side addresses, then we have a little hope. -
First I would like to thank you for your continuing support and not giving up. About your question there is no LAN IP address for that fiber box, we have WAN IP address and it is a range of Static IP address for our Internet Connection.
-
Well thank you for your thanks, you know that stupid guy who has flat forehead(always hitting head to brick(fire)wall…)
You're talking one them currently.Is there any possibilities, that you ask your isp provide that fiberbox in bridging mode. Then AON should work flawlessly. If it's still not working then I'm completely clueless.
-
Thank again, that means AON depend on how your ISP provider setup your Internet Connection if it is in bridge mode you can do the AON and it it is now you can't do the AON.
Because I am thinking ISP provide internet with standard setup. Anyway I would greatly appreciated if you share how you did this on your own setup.
-
It doesn't always depend on ISP, but it helps a lot if they support bridging.
As an example i've got 5 static ip's and four of those is bought three years later. Original ip-address is .150 and I had only one NAT rule with other firewall product.After I changed to pfsense and discovered that this has possibility to have multiple ip's and WAN's. After that i bought other IP's which are .55, .56, .61 & .75
And i also changed to this ISP previously when original ISP didn't support bridging ADSL-connection.Sorry for the tangled explanation
-
I understand what you mean, that some ISP provides a modem with bridging mode and other does not. I am pretty sure my connection is in bridge mode because I was able to established 1:1 NAT for our Mail server and it does works. So all our outbound email uses an IP address I specified on 1:1 NAT not the WAN IP address.