Adding another 1:1 NAT address doesn't work for me.

NAT
Log in to reply
  • C

    I've configured inbound services on separate IP's, and all is working well.  The outside of my firewall is a single Ethernet adapter connected to my ISP's router.  On that adapter, I have the following virtual IP addresses:

    .3, .4. .5, .6, .8, .9, .10, .15, .18

    These are used for DNS servers, mail servers, web servers, etc.  All except the last two have worked fine for months.  Yesterday, I added .15 for a test web server without issues.  Today, I tried to add .18 for another test web server, and I can't get it to work.

    I captured a network trace while testing a connection from the WAN network (.254) to the .18 web server (I've removed the actual IP address range):

    11:28:25.564474 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
    11:28:25.826951 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
    11:28:26.793076 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
    11:28:27.793730 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46
    11:28:28.796194 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46

    From what I can tell, this shows me that firewall computer isn't responding to the IP address as if the card doesn't have that address assigned to it.

    Could it be that I can't assign more than 8 addresses for the WAN port to listen on?
    Does anyone have any suggestions for the troubleshooting next step?

    0
  • C

    What type of virtual IP?

    0
  • C

    I'm using "Proxy ARP" for each single IP address.

    0
  • C

    Go to Diagnostics>Command and run:

    ps ax |grep arp

    and post the output of that.

    0
  • C

    Thanks for the help.  Here's the output:

    19081  ??  Ss    0:03.20 /usr/local/sbin/choparp fxp0 auto xxx.xxx.xxx.3/32 xxx.xxx.xxx.4/32 xxx.xxx.xxx.5/32 xxx.xxx.xxx.6/32 xxx.xxx.xxx.8/32 xxx.xxx.xxx.9/32 xxx.xxx.xxx.10/32 xxx.xxx.xxx.15/32
    52623  ??  Ss    0:04.13 /usr/local/sbin/choparp rl0 auto xxx.xxx.xxx.18/32

    I've hidden the actual IP range.  If you'd like to see that, just let me know.

    0
  • C

    Looks like you have it configured on the wrong NIC? all your other IPs are on fxp0, your .18 IP is on rl0.

    0
  • C

    Thank you SO VERY much.  I had noticed that the address wasn't in the first line, and I didn't even look at the second line.

    It works great now!  I can't say enough good things about this product to do it justice!

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy