SOLVED : accessing internal network from wan side
-
Btw, we do not redirect protocol ICMP, so this won't be natted. In case you want to make the VIP pingable, you have to use type CARP (currently the only virtual IP that allows for ICMP) and add a firewall rule at WAN for protocol ICMP, source any, destination virtual WAN IP.
-
That is exactly what I have done, but with Proxy ARP.
If I move to crap, I get this error message:
Sorry, we could not locate an interface with a matching subnet for 134.214.116.30/32. Please add an ip in this subnet on a real interface
-
CARP IPs have to use the real interface's subnet, not /32.
-
The same message:
Sorry, we could not locate an interface with a matching subnet for 134.214.116.30/22. Please add an ip in this subnet on a real interface
Note that on WAN I use the 134.214.116.x/22 subnet and on the LAN side: 192.168.10.x/24
-
Is your WAN VIP part of the original WAN subnet? If not, CARP won't be an option here.
-
Yes,
my main internet IP address is 134.214.116.244 /22 … in the same range
-
So? Is it a bug?
-
I don't have the possibility to test atm. It used to work.
-
I moved my LAN network from 192.168.10.0/24 to 134.214.0.0/22.
Now I can use CRAP for the virtual IP, but I still cannot ping the VIP from outside.
But now I can ping them from the pfSense LAN side … strange!!
Looks like NAT 1:1 is working in one way.
-
ICMP is not natted. You have to allow ICMP to your WAN VIP. Btw, it's CARP and not CRAP ;)
-
Already done, but still not working.
-
Hi,
I have downgraded to the 1.0.1 release (29 October) and I have configured the CARP VIP, NAT and rules again … and it works! I can ping the VIP from outside.
I have added 3 other natted VIPs and rebooted... now it doesn't work again and it is impossible to get it working!
The firewall logs don't show any blocked ICMP to the VIP or the natted IP.
Strange!!?
-
I am now using the 15/03 snapshot … and the VIPs are not pingable from outside!!
-
It works now with the latest snapshot (23-03-2007)!!
But any chance to have a NAT 1:1 with AppleTalk compatibility?