Adding another 1:1 NAT address doesn't work for me.
I've configured inbound services on separate IPs, and all is working well. The outside of my firewall is a single Ethernet adapter connected to my ISP's router. On that adapter, I have the following virtual IP addresses:
.3, .4, .5, .6, .8, .9, .10, .15, .18
These are used for DNS servers, mail servers, web servers, etc. All except the last two have worked fine for months. Yesterday, I added .15 for a test web server without issues. Today, I tried to add .18 for another test web server, and I can't get it to work.
I captured a network trace while testing a connection from the WAN network (.254) to the .18 web server (I've removed the actual IP address range):
11:28:25.564474 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
11:28:25.826951 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
11:28:26.793076 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
11:28:27.793730 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46
11:28:28.796194 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46
From what I can tell, this shows me that the firewall computer isn't responding to the IP address, as if the card doesn't have that address assigned to it.
Could it be that I can't assign more than 8 addresses for the WAN port to listen on?
Does anyone have any suggestions for the next troubleshooting step?
What type of virtual IP?
I'm using "Proxy ARP" for each single IP address.
Go to Diagnostics>Command and run:
ps ax |grep arp
and post the output of that.
Thanks for the help. Here's the output:
19081 ?? Ss 0:03.20 /usr/local/sbin/choparp fxp0 auto xxx.xxx.xxx.3/32 xxx.xxx.xxx.4/32 xxx.xxx.xxx.5/32 xxx.xxx.xxx.6/32 xxx.xxx.xxx.8/32 xxx.xxx.xxx.9/32 xxx.xxx.xxx.10/32 xxx.xxx.xxx.15/32
52623 ?? Ss 0:04.13 /usr/local/sbin/choparp rl0 auto xxx.xxx.xxx.18/32
I've hidden the actual IP range. If you'd like to see that, just let me know.
Looks like you have it configured on the wrong NIC? All your other IPs are on fxp0, your .18 IP is on rl0.
Thank you SO VERY much. I had noticed that the address wasn't in the first line, and I didn't even look at the second line.
It works great now! I can't say enough good things about this product to do it justice!
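
Added example, not part of the original thread: a small shell check that automates the comparison made above by reading `ps ax` output, listing each choparp proxy-ARP address with its interface, and flagging addresses bound to an interface other than the one carrying most of them. It assumes all proxy-ARP addresses belong on the same interface; the function names are hypothetical and the sample uses constructed 192.0.2.x addresses in place of the masked range.

```shell
#!/bin/sh
# Assumed input: `ps ax` lines shaped like the ones posted in the thread:
#   PID TT STAT TIME /usr/local/sbin/choparp <if> auto <addr/32> ...

# choparp_by_if: read `ps ax` output on stdin, print "<if> <addr>" per address.
choparp_by_if() {
    awk '{
        for (i = 1; i <= NF; i++) {
            cmd = $i
            sub(/.*\//, "", cmd)            # strip the path, keep the program name
            if (cmd == "choparp") {
                ifname = $(i + 1)
                # $(i + 2) is the MAC argument ("auto"); addresses follow it
                for (j = i + 3; j <= NF; j++) print ifname, $j
                break
            }
        }
    }'
}

# choparp_outliers: print addresses that are not on the majority interface.
# Heuristic (assumption): the interface with the most addresses is the intended one.
choparp_outliers() {
    choparp_by_if | awk '
        { n[$1]++; ifs[NR] = $1; addr[NR] = $2 }
        END {
            for (k in n) if (n[k] > max) { max = n[k]; major = k }
            for (r = 1; r <= NR; r++)
                if (ifs[r] != major)
                    print addr[r] " is on " ifs[r] ", expected " major
        }'
}

# Constructed sample input (documentation addresses, not the poster's range).
sample_ps() {
    cat <<'EOF'
19081 ?? Ss 0:03.20 /usr/local/sbin/choparp fxp0 auto 192.0.2.3/32 192.0.2.4/32 192.0.2.15/32
52623 ?? Ss 0:04.13 /usr/local/sbin/choparp rl0 auto 192.0.2.18/32
EOF
}

sample_ps | choparp_outliers
```

On the firewall itself, the same check would be run as `ps ax | choparp_outliers`.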