SOLVED : accessing internal network from wan side

hoba

Is your WAN VIP part of the original WAN subnet? If not CARP won't be an option here.

hchady

yes
my main internet IP adress is 134.214.116.244 /22 … in the same range

hchady

so ? it is a bugg ?

hoba

I don't have the possibility to test atm. It used to work.

hchady

i moved my LAN network from 192.168.10.0/24 to 134.214.0.0/22

now i can use CRAP for virtual IP but i still cannot ping VIP from outside.

but now i can ping them from pfsense LAN side …. strange !!

looks like NAT 1:1 working in 1 way

hoba

ICMP is not natted You have to allow icmp to your wan vip. Btw, it's CARP and not CRAP  ;)

hchady

already done, but still not working

hchady

hi,

I have downgrade to 1.0.1 release (29 october) and i have configured again CARP VIP, NAT and Rules … and it works ! I can ping VIP from outside.
i have add 3 others nated VIP, and reboot... now it dosen't work again and impossible to get it working !
firewall logs dosen't show any blocked ICMP to VIP or nated IP

Strange !! ?

hchady

I am using now 15/03 snapshot … and VIP are not pingeable from outside !!

hchady

It works now with the latest snapshot (23-03-2007) !!

but any chance to have a NAT 1:1 with apple talk compatibility ?