2 VLANs/2 External IPs - Outbound NAT



  • Hello,

    I have an Alix 2d3 box running pfSense, using only 2 of the 3 interfaces (one reserved for WAN2 connection, coming soon) and using VLAN config on the LAN interface:

    WAN - external IP xx.yy.zz.123
    LAN - disabled
            VLAN 10 - 192.168.2.0/24
            VLAN 20 - 192.168.0.0/24
    WAN2 - disabled

    Now I want both LAN subnets to use a seperate WAN address and have specified a Virtual IP of type "IP Alias" on the WAN connection, "xx.yy.zz.124".

    I have also enabled Advanced Outbound NAT and defined two rules:

    Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port
    WAN   192.168.2.0/24 * * * * * NO
    WAN   192.168.0.0/24 * * * xx.yy.zz.124 *
    NO

    The problem is, this is not working for the 192.168.0.0/24 subnet, which should use the IP Alias as external address, i cannot get an internet connection here. In the 192.168.0.0/24 subnet, everything is working fine.  If I define the Translation Address as "Interface Address" (same setting as for 192.168.2.0/24 subnet), everything works fine.

    What am I missing here?



  • By default you have no any passing rules in other interfaces than lan. have you any rules on that interface?



  • Thanks for the reply, I have the same rules on both VLAN interfaces if you mean those, resembling the default "LAN to any" rule. For the first VLAN (192.168.2.0/24) it's working, the difference being that it doesn't have the IP alias as mapping address of course.



  • Is your 124 address setup as a virtual IP? If so what kind?



  • Yes, i chose the type "IP Alias". It doesn't work with Proxy ARP/CARP either though, I remember trying that.



  • Could you post your rules and advanced NAT rules?



  • I'm having the same problem..
    Would have been nice if this asshole ever came back and let us know what happened..
    This shit pisses me off royally.
    Have some decency folks..
    Come back and close the damn thread.



  • I imagine this is answered somewhere else around here..
    But I'm having the same (or similar) problem..
    I have setup a second subnet on a second lan interface and setup my outbound rules..
    It works if set to (INTERFACE) and goes out on the default WAN Interface..
    If I set it to virtual IP I have created it won't go out can't reach internet.
    My virtual ip is up and pingable from outside and I can reach it if I set rules to allow inbound.

    But I'm not getting Nat outbound to the virtual IP when I try it..

    Works fine if I don't use the virtual IP (choosing just the wan interface) but I need it to nat and go out on the virtual public ip if coming from this second subnet :-(

    Again.. thanks I imagine this has already been asnwered.. just all the endless threads where poeple ask for help, get help and never come back to tell us what
    happened really sucks.

    Steve



  • Well bloody hell (as they say).
    A reboot did it.

    resetting state didn't..

    Maybe there some other massive network restart commands I should learn.. I seriously didn't think I needed to reboot to get this to go but sure did!

    Insanely happy it's working now!!



  • I am glad that you did a reboot and figured this out. Some times if you setup it up one way and then come back and want to setup it up a different way, a reboot is necessary to clear out the old config from memory and then load up the way that works.

    This has been covered in other threads. I do understand that some don't come back and explain, but some find the other threads and thing that others will as well. The problem is that they could link what they find and don't So, if you find this in another thread, please link this tread to that one.

    Any way …


Log in to reply