Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple static ips and only main ip is accessible

    Scheduled Pinned Locked Moved Routing and Multi WAN
    7 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jjone
      last edited by

      MY PFSENSE BOX HAS 6 PORTS.

      WAN (NO IP)
      |
      -LAN STATIC IP 192.168.11.1/24
      -OPT1 (NO IP)
      -OPT2 (NO IP)
      -OPT3 (NO IP)
      -OPT4 (NO IP) LINKED TO WINDOWS SERVER 2008 R2 W/ 1 NIC AND 5 STATIC IPs (ALL FIREWALL DISABLED IN WINDOWS)

      • OPT5 (BRIDGE0 CONTAINS WAN, LAN, OPT1, OPT2, OPT3, OPT4) TRANPARENT BRIDGE MODE.

      MY WINDOWS SERVER 2008 R2 RUNING IIS 7.5 WITH 1 NIC AND I PUT IN 5 STATIC PUBLIC IPs WINDOWS tcp/ip (108.X.X.101 - 105)

      THIS IS MY PROBLEM,

      THE 1ST MAIN IP(X.X.X.105) IS ALWAYS ACCESSIBLE FROM OUTSIDE BUT NOT ALL.

      WHEN I SET (X.X.X.102 OR 103 OR 104 OR 101) AS THE MAIN IPs FOR JUST A FEW SECOND IN WINDOWS tcp/ip SETUP
      THEN THEY CAN BE ACCESSIBLE FROM OUTSIDE FOR ABOUT A DAY. AND NOT ACCESSIBLE AGAIN THE NEXT DAY WHEN I TRY TO ACCESS THEM.
      I WILL HAVE TO SET THEM AGAIN AS MAIN IP IN WINDOWS TCP/IP…

      I CAN SEE THE PACKET RECEIVED DATA BUT NOT SENT DATA WHEN I TRY TO ACCESS THE THOSE IPS EXCEPT THE MAIN IP.

      WHAT DID I DO WRONG WITH THE PSFENSE ?

      ANY SUGGESTION? OR HELP PLEASE. THANKS A LOT.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        Can you install wireshark on Windows server to see if packages are reaching Windows?

        If you see a lot of arp requests to ip aliases with no response on server segment, then it could be your server.

        The best way to protect a web server in my opinion is configuring a reverse proxy between internet and iis.

        Pfsense can do this with varnish or apache+mod security.

        Snort with ips can protect iis from specific attacks.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • J
          jjone
          last edited by

          hi, marcelloc.
          Thanks for your reply.

          I installed wireshark on my windows server, when i access my main ip it shows alot TCP connections, which means working.
          however when i access the rest 4 addon staic ips in my tcp/ip, nothing happens in wireshark till i change them to main ip for a few seconds.

          i don't know what is going on here.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            You may need to do a tcpdump on all intetfaces at pfsense console to see where the ARP requests are.

            The arp requests will look like "who has 72.12.23.100"

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • J
              jjone
              last edited by

              hi, marcelloc
              thank you for your help. i will test it when i get back to my office tomorrow.

              I only have 1 connection to pfsense OPT4 port from my windows server nic and my fiber optical internet connect directly to pfsense Wan port with via rj45 port(no modem inbetween).  all other ports on my pfsense box are not connected. also, i put no ip on OPT4 and WAN port.

              very strange problem.

              1 Reply Last reply Reply Quote 0
              • J
                jjone
                last edited by

                hi, marcelloc

                I remove the pfsense box and plug in direct to the fiber connection. i can only access the main ip too.

                maybe its my windows server problem.

                1 Reply Last reply Reply Quote 0
                • marcellocM
                  marcelloc
                  last edited by

                  @jjone:

                  maybe its my windows server problem.

                  Consider applying these ips on firewall and use a reverse proxy.

                  with reverse proxy as well on IIS, you can use host header do define website instead of using multiple ips.

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.