Netgate Discussion Forum
    Adding another 1:1 NAT address doesn't work for me.

      cpk

      I've configured inbound services on separate IPs, and all is working well.  The outside of my firewall is a single Ethernet adapter connected to my ISP's router.  On that adapter, I have the following virtual IP addresses:

      .3, .4, .5, .6, .8, .9, .10, .15, .18

      These are used for DNS servers, mail servers, web servers, etc.  All except the last two have worked fine for months.  Yesterday, I added .15 for a test web server without issues.  Today, I tried to add .18 for another test web server, and I can't get it to work.

      I captured a network trace while testing a connection from the WAN network (.254) to the .18 web server (I've removed the actual IP address range):

      11:28:25.564474 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
      11:28:25.826951 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
      11:28:26.793076 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
      11:28:27.793730 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46
      11:28:28.796194 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46

      From what I can tell, this shows me that the firewall computer isn't responding to the IP address, as if the card doesn't have that address assigned to it.

      Could it be that I can't assign more than 8 addresses for the WAN port to listen on?
      Does anyone have any suggestions for the next troubleshooting step?

        cmb

        What type of virtual IP?

          cpk

          I'm using "Proxy ARP" for each single IP address.

            cmb

            Go to Diagnostics>Command and run:

            ps ax |grep arp

            and post the output of that.

              cpk

              Thanks for the help.  Here's the output:

              19081  ??  Ss    0:03.20 /usr/local/sbin/choparp fxp0 auto xxx.xxx.xxx.3/32 xxx.xxx.xxx.4/32 xxx.xxx.xxx.5/32 xxx.xxx.xxx.6/32 xxx.xxx.xxx.8/32 xxx.xxx.xxx.9/32 xxx.xxx.xxx.10/32 xxx.xxx.xxx.15/32
              52623  ??  Ss    0:04.13 /usr/local/sbin/choparp rl0 auto xxx.xxx.xxx.18/32

              I've hidden the actual IP range.  If you'd like to see that, just let me know.

                cmb

                Looks like you have it configured on the wrong NIC? All your other IPs are on fxp0, your .18 IP is on rl0.

                  cpk

                  Thank you SO VERY much.  I had noticed that the address wasn't in the first line, and I didn't even look at the second line.

                  It works great now!  I can't say enough good things about this product to do it justice!

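The check that resolved this thread (reading the `choparp` command lines to see which NIC answers ARP for each virtual IP) can be scripted. This is an added example, not part of the original thread or of pfSense; the function names and the sample data are assumptions, with the documentation range 192.0.2.0/24 standing in for the hidden prefix.

```shell
#!/bin/sh
# Constructed sample of `ps ax | grep arp` output, modelled on the thread.
SAMPLE_PS='19081  ??  Ss    0:03.20 /usr/local/sbin/choparp fxp0 auto 192.0.2.3/32 192.0.2.4/32 192.0.2.15/32
52623  ??  Ss    0:04.13 /usr/local/sbin/choparp rl0 auto 192.0.2.18/32
  311  ??  Is    0:00.01 grep arp'

# Hypothetical helper: print one "interface vip" pair per proxy-ARP address.
# choparp is invoked as: choparp <interface> <mac|auto> <address>...
choparp_vips() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i == "choparp" || $i ~ /\/choparp$/) {
                iface = $(i + 1)
                # $(i + 2) is the MAC argument ("auto" here); VIPs follow it.
                for (j = i + 3; j <= NF; j++) print iface, $j
                break
            }
    }'
}

# Hypothetical helper: print the pairs NOT answered on the expected interface.
vips_off_iface() {
    choparp_vips | awk -v want="$1" '$1 != want'
}

# Hypothetical helper: print the interface answering ARP for one VIP;
# exits non-zero when no choparp process covers that address.
iface_for_vip() {
    choparp_vips | awk -v vip="$1" '$2 == vip { print $1; found = 1 }
                                    END { exit !found }'
}

# On the firewall itself this would be: ps ax | vips_off_iface fxp0
printf '%s\n' "$SAMPLE_PS" | vips_off_iface fxp0
```

An empty result means every proxy-ARP address is served on the expected WAN interface; any line printed names a VIP whose ARP requests on the WAN segment will go unanswered, as in the trace above.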
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.