VIP/NAT help please!!
-
No, my block that I also have is: 201.73.17.176/28
-
If you are going to continue with that setup, you would make them ProxyARP.
-
I have no choice but to continue with that setup I guess, as that's the ISP's way of doing things..
So ProxyARP.. do I create a single entry per IP or just 1 for the block?
-
I have no choice but to continue with that setup I guess, as that's the ISP's way of doing things..
So ProxyARP.. do I create a single entry per IP or just 1 for the block?
Proxy ARP are best done as /32, or one per IP. IMO.
-
Ok, I have created ProxyARP VIPs.. created 1 entry per IP rather than the whole block. That part is not too difficult, it's the next part that I can never understand or get to work..
I don't know if now to use one of these VIPs as the public IP for my server, do I need to Port Forward it to the server LAN IP? NAT? 1:1? I have no idea, have tried them all and can't get it to work
-
So ProxyARP.. do I create a single entry per IP or just 1 for the block?
Proxy ARP are best done as /32, or one per IP. IMO.
Why do you think that Proxy ARP VIPs are best done as /32?
If he defined the /28 block, pfsense will expand it to a list of 16 IPs and make them individually available in the NAT port-forward section.
-
So ProxyARP.. do I create a single entry per IP or just 1 for the block?
Proxy ARP are best done as /32, or one per IP. IMO.
Why do you think that Proxy ARP VIPs are best done as /32?
If he defined the /28 block, pfsense will expand it to a list of 16 IPs and make them individually available in the NAT port-forward section.
Ahh.. in that case, I can just add the block of IPs in the VIP section, then do I need to create 1:1 NAT entries for each IP to go to a certain machine? (to use as public IP for servers for example)
-
So ProxyARP.. do I create a single entry per IP or just 1 for the block?
Proxy ARP are best done as /32, or one per IP. IMO.
Why do you think that Proxy ARP VIPs are best done as /32?
If he defined the /28 block, pfsense will expand it to a list of 16 IPs and make them individually available in the NAT port-forward section.
So that you can dynamically use them. If you assign them all at once, you cannot use (even as a test) another device in front of the firewall. Could potentially be a security concern: if you are not actively using the IP, it will still reference the firewall. There could be a bug, or if there is not one, one could develop in an upgrade, that could allow someone access. Human error can also bite you.
-
So guys, I have read all these posts, played with it.. read the pfSense book on NAT and VIPs but still can't get it to work.. Here is a simple scenario of what I want and hopefully someone can give me a step by step that works:
To test I want to set up an XP box I have on my OPT1 so I can RDP to it using one of my Public IPs..
Current WAN IP: 189.53.100.10
Public IP Block: 201.73.17.176/28
Assign IP to XP: 201.73.17.178
XP Lan IP: 192.168.5.28
I will do similar with servers but if I can just get the how to for this I can then apply that to the rest.
Hoping someone can assist..
-
From your XP box web browser, if you go to http://pfsense.org/ip.php which IP do you see?
-
Did you use port forward or 1:1 NAT? If you are using port forward, then you will need to use advanced outbound NAT (manual mode) to transform the outgoing IP to 201.73.17.178. Remember that it is first matching rule in AON so if your LAN rule is above your custom outbound, then the custom outbound will never happen.
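
The first-match behaviour described in the last reply, as an added example that is not part of the original thread and not pfSense's own code: a simplified model of manual outbound NAT that matches on source address only and reports rules hidden by an earlier, broader rule. The rule names and the 192.168.5.0/24 OPT1 subnet are assumptions; the addresses are the ones given in the thread.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class OutboundRule:
    name: str          # hypothetical label for the rule
    source: str        # source network in CIDR form
    translation: str   # address the source is rewritten to on the WAN side


def translate(rules, src_ip):
    """Return (rule name, translated address) of the FIRST rule matching src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.source):
            return rule.name, rule.translation
    return None, None


def shadowed(rules):
    """Names of rules that can never match: an earlier rule already covers their source."""
    hidden = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        if any(net.subnet_of(ipaddress.ip_network(prev.source)) for prev in rules[:i]):
            hidden.append(rule.name)
    return hidden


# Constructed rule sets. 192.168.5.0/24 for OPT1 is an assumption;
# the thread only gives the XP host address 192.168.5.28.
opt1_general = OutboundRule("OPT1 to WAN address", "192.168.5.0/24", "189.53.100.10")
xp_custom = OutboundRule("XP to VIP", "192.168.5.28/32", "201.73.17.178")

wrong_order = [opt1_general, xp_custom]   # general rule above the custom one
right_order = [xp_custom, opt1_general]   # custom rule first

if __name__ == "__main__":
    for label, rules in (("wrong order", wrong_order), ("right order", right_order)):
        print(label, translate(rules, "192.168.5.28"), "shadowed:", shadowed(rules))
```

With the general rule on top, the XP box leaves as 189.53.100.10 and the custom rule is reported as shadowed; with the custom rule first, it leaves as 201.73.17.178 while other OPT1 hosts still use the WAN address.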