Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Virtual IP's not responding as expected

    NAT
    3
    3
    2969
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      erikig last edited by

      I'm having some issues here with getting Virtual IP's and NAT to work properly. First off, I'm running this on a VM on an ESX Server if that may be factor. I have activated promiscuous mode on the port group associated with the pfSense WAN interface.

      The physical:
      ESX Server connected to a switch using VLAN trunking with VLAN 100 designated as the external interface. One port on the switch is set to mode access vlan 100 and connected to the local network switch to provide external connectivity.

      The soft:
      The configuration is pfSense connected to a local network (the pfSense WAN interface) via a portgroup attached to VLAN 100 with the VLAN tagging managed by ESX so that pfSense doesn't do anything with regards to VLAN tagging.

      Local network 10.x.x.x/24
      pfSense IP 10.x.x.99

      There are 4 separate VLANs/Subnets attached to the pfSense VM.

      For the moment my firewall rules are any/any for testing purposes and will be locked down later.

      Currently the IP associated with the WAN interface of pfSense (local network) is pingable from both the local network and VMs in the subnets behind pfSense.

      I have declared a Virtual IP (10.x.x.98/32) set to Other. There is a NAT 1:1 mapping this Virtual IP to the address 192.168.101.10. The current state of affairs is that pfSense is correctly handling internal routing on the local subnets, but the machine attached to the Virtual IP can't go out on the WAN interface.

      However, any of the machines that do not have a NAT connection configured can go out via the WAN interface using the pfSense IP address. This works whether I use automatic or manual Outbound NAT.

      Notably, I do not see the 10.x.x.98 Virtual IP listed in the ARP table.

      Any ideas why this NAT connection is not working?

      1 Reply Last reply Reply Quote 0
      • M
        mlanner last edited by

        Did you ever solve this? I'm having the same/similar problem.

        1 Reply Last reply Reply Quote 0
        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          An "other" type VIP does not do ARP. For that you need CARP or Proxy ARP (or an IP alias on 2.0).

          Also if you are doing CARP/clustering, check the doc wiki for ESX config options you need to set for it to work properly.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy