Virtual IP Alias



  • Hi All,

    I am new to pfSense and need some assistance. I have 5 public static IP addresses from my cable internet provider. I set up one of the static addresses for the router itself. The next four of the static IPs I set up as a virtual IP alias. I then went into 1:1 NAT, as these public IPs will be used for a specific server, i.e. Exchange, SharePoint, and web server, and configured the 1:1 NAT settings. Then I set up rules in the firewall from the virtual IP alias to the internal IP of the server. Whenever I type any of the static IPs into the internet browser, they all go to the router, i.e. I type in the IP address that should be routed to OWA and it goes straight to the pfSense webGUI.

    Any help would be greatly appreciated as I am so incredibly lost and confused. Thanks!



  • I had this very same issue - was unable to resolve  ???

    Are you assigning your internal interfaces as static IPs from your LAN or as separate subnets? Is DHCP enabled on any of the OPT interfaces?



  • I use only port forwards, and have no problems.

    Is it possible for you to try with a port forward?



  • @pf2.0nyc:

    I had this very same issue - was unable to resolve  ???

    Are you assigning your internal interfaces as static IPs from your LAN or as separate subnets? Is DHCP enabled on any of the OPT interfaces?

    I have two interfaces: the WAN is the first static IP and the LAN is static at 192.168.1.1. I'm not using different subnets. Also, DHCP is enabled only on the lag interface. Thanks for a reply!



  • @Metu69salemi:

    I use only port forwards, and have no problems.

    Is it possible for you to try with a port forward?

    Is it possible to use the port forwards and have two separate web servers running on port 80 or 443? I was led to using 1:1 NAT from reading other people's experiences. I will try it though and see what happens. Thanks for the insight and advice.



  • As an extra hint, use a port alias with 80 and 443 so you don't have two rules or every port between 80 and 443 opened to the world.



  • I added the port alias and port forwards, still can't get it to work  ???



  • Do you still have 1:1 NAT in that box? Try without those.
    And if it's not working, can you share screenshots of your rules?



  • I got rid of the 1:1 and still didn't work. I attached screenshots. Let me know if you need any screenshots of anything in particular.  :)

    ![Screen Shot 2011-08-21 at 4.34.27 PM.png](/public/imported_attachments/1/Screen Shot 2011-08-21 at 4.34.27 PM.png)
    ![Screen Shot 2011-08-21 at 4.34.40 PM.png](/public/imported_attachments/1/Screen Shot 2011-08-21 at 4.34.40 PM.png)
    ![Screen Shot 2011-08-21 at 4.51.10 PM.png](/public/imported_attachments/1/Screen Shot 2011-08-21 at 4.51.10 PM.png)



  • first notice: Please do not publish your public ip-address
    second notice: destination address should be public



  • Sorry, thanks, I changed that. Is the destination address for the public IP for the port forward or the WAN rules?



  • Also, should I have the type of virtual IP as alias or other? Alias always seems to bring me back to the router. Other just shows "cannot display page".



  • You can use virtual IP or CARP (CARP only if every extra IP is in the same subnet as the first one).
    The port forward is where you need to set it.



  • Great news! I can now access my OWA site externally. I did it via my phone, not on Wi-Fi. When I do it internally though, it doesn't work. Thoughts on NAT rules to access it via my LAN?



  • Just add new DNS entries on your DNS server.
    I have Windows AD with something.local as the internal domain, and the outside domain is actually something_else.com. If I want to connect to the web server internally, I've created another domain on my AD server (DNS); now it has the internal and outside domains side by side. The only difference from the outside domain's entries is that I use only internal IP addresses for those A & PTR records on my own server.

    And of course this AD server is the one which I share via DHCP to clients.
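
An added example, not part of the thread: a Python check of the split-DNS setup described in the last post, flagging published hostnames whose internal A record is missing or points outside the LAN. The hostnames, the 203.0.113.x addresses and the server addresses are constructed, and the /24 mask on the thread's 192.168.1.x LAN is an assumption.

```python
import ipaddress

# Constructed sample data (not from the thread): hypothetical hostnames,
# documentation-range public IPs, and an assumed /24 around 192.168.1.1.
LAN = ipaddress.ip_network("192.168.1.0/24")
EXTERNAL_ZONE = {
    "owa.example.com": "203.0.113.11",
    "sharepoint.example.com": "203.0.113.12",
    "www.example.com": "203.0.113.13",
}
INTERNAL_ZONE = {
    "owa.example.com": "192.168.1.20",
    "sharepoint.example.com": "203.0.113.12",  # public address copied by mistake
    # www.example.com has no internal record at all
}


def audit_split_dns(external, internal, lan):
    """Return {hostname: finding} for each externally published name whose
    internal A record is missing or does not point into the LAN."""
    findings = {}
    for name in sorted(external):
        inside = internal.get(name)
        if inside is None:
            findings[name] = "missing internal A record"
        elif ipaddress.ip_address(inside) not in lan:
            # Membership in the LAN is tested directly: ipaddress.is_private
            # also returns True for documentation ranges such as 203.0.113.0/24.
            findings[name] = f"internal A record {inside} is outside {lan}"
    return findings


def ptr_name(ip):
    """Owner name of the PTR record that pairs with an internal A record."""
    return ipaddress.ip_address(ip).reverse_pointer


if __name__ == "__main__":
    for host, problem in audit_split_dns(EXTERNAL_ZONE, INTERNAL_ZONE, LAN).items():
        print(f"{host}: {problem}")
    print(ptr_name(INTERNAL_ZONE["owa.example.com"]))
```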

