SOLVED : accessing internal network from wan side

hoba · Mar 6, 2007, 1:12 PM

Is your WAN VIP part of the original WAN subnet? If not CARP won't be an option here.

hchady · Mar 6, 2007, 1:16 PM

yes
my main internet IP adress is 134.214.116.244 /22 … in the same range

hchady · Mar 6, 2007, 2:29 PM

so ? it is a bugg ?

hoba · Mar 6, 2007, 7:52 PM

I don't have the possibility to test atm. It used to work.

hchady · Mar 8, 2007, 3:51 PM

i moved my LAN network from 192.168.10.0/24 to 134.214.0.0/22

now i can use CRAP for virtual IP but i still cannot ping VIP from outside.

but now i can ping them from pfsense LAN side …. strange !!

looks like NAT 1:1 working in 1 way

hoba · Mar 8, 2007, 7:44 PM

ICMP is not natted You have to allow icmp to your wan vip. Btw, it's CARP and not CRAP ;)

hchady · Mar 9, 2007, 11:12 AM

already done, but still not working

hchady · Mar 14, 2007, 8:31 AM

hi,

I have downgrade to 1.0.1 release (29 october) and i have configured again CARP VIP, NAT and Rules … and it works ! I can ping VIP from outside.
i have add 3 others nated VIP, and reboot... now it dosen't work again and impossible to get it working !
firewall logs dosen't show any blocked ICMP to VIP or nated IP

Strange !! ?

hchady · Mar 20, 2007, 2:24 PM

I am using now 15/03 snapshot … and VIP are not pingeable from outside !!

hchady · Mar 26, 2007, 3:33 PM

It works now with the latest snapshot (23-03-2007) !!

but any chance to have a NAT 1:1 with apple talk compatibility ?