Adding another 1:1 NAT address doesn't work for me.



  • I've configured inbound services on separate IPs, and all is working well.  The outside of my firewall is a single Ethernet adapter connected to my ISP's router.  On that adapter, I have the following virtual IP addresses:

    .3, .4, .5, .6, .8, .9, .10, .15, .18

    These are used for DNS servers, mail servers, web servers, etc.  All except the last two have worked fine for months.  Yesterday, I added .15 for a test web server without issues.  Today, I tried to add .18 for another test web server, and I can't get it to work.

    I captured a network trace while testing a connection from the WAN network (.254) to the .18 web server (I've removed the actual IP address range):

    11:28:25.564474 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
    11:28:25.826951 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
    11:28:26.793076 ARP, Request who-has xxx.xxx.xxx.18 (00:00:00:00:04:43 (oui Ethernet)) tell xxx.xxx.xxx.254, length 46
    11:28:27.793730 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46
    11:28:28.796194 ARP, Request who-has xxx.xxx.xxx.18 (6f:6d:00:00:01:00 (oui Unknown)) tell xxx.xxx.xxx.254, length 46

    From what I can tell, this shows me that the firewall computer isn't responding to the IP address, as if the card doesn't have that address assigned to it.

    Could it be that I can't assign more than 8 addresses for the WAN port to listen on?
    Does anyone have any suggestions for the next troubleshooting step?



  • What type of virtual IP?



  • I'm using "Proxy ARP" for each single IP address.



  • Go to Diagnostics>Command and run:

    ps ax |grep arp

    and post the output of that.



  • Thanks for the help.  Here's the output:

    19081  ??  Ss    0:03.20 /usr/local/sbin/choparp fxp0 auto xxx.xxx.xxx.3/32 xxx.xxx.xxx.4/32 xxx.xxx.xxx.5/32 xxx.xxx.xxx.6/32 xxx.xxx.xxx.8/32 xxx.xxx.xxx.9/32 xxx.xxx.xxx.10/32 xxx.xxx.xxx.15/32
    52623  ??  Ss    0:04.13 /usr/local/sbin/choparp rl0 auto xxx.xxx.xxx.18/32

    I've hidden the actual IP range.  If you'd like to see that, just let me know.



  • Looks like you have it configured on the wrong NIC? All your other IPs are on fxp0, your .18 IP is on rl0.



  • Thank you SO VERY much.  I had noticed that the address wasn't in the first line, and I didn't even look at the second line.

    It works great now!  I can't say enough good things about this product to do it justice!
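
The check that resolved this thread, automated as an added example that is not part of any post above: it parses `ps ax` output for `choparp` processes and reports Proxy ARP addresses answered on a different interface than the rest of the same subnet. Assumptions: the 203.0.113.x addresses and the /24 WAN subnet are constructed stand-ins for the masked range, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ps ax | grep arp` output; 203.0.113.0/24 is a
# documentation range standing in for the masked addresses in the thread.
SAMPLE_PS = """\
19081  ??  Ss    0:03.20 /usr/local/sbin/choparp fxp0 auto 203.0.113.3/32 203.0.113.4/32 203.0.113.15/32
52623  ??  Ss    0:04.13 /usr/local/sbin/choparp rl0 auto 203.0.113.18/32
52700  ??  S+    0:00.00 grep arp
"""

# Command line layout seen in the thread: choparp <interface> <mac|auto> <address> ...
CHOPARP = re.compile(r"\bchoparp\s+(\S+)\s+\S+\s+(.*)$")


def parse_choparp(ps_text):
    """Return {interface: [ip_network, ...]} for every choparp process."""
    by_iface = defaultdict(list)
    for line in ps_text.splitlines():
        m = CHOPARP.search(line)
        if not m:
            continue  # not a choparp process (e.g. the grep itself)
        iface, rest = m.group(1), m.group(2)
        for token in rest.split():
            try:
                by_iface[iface].append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                continue  # skip arguments that are not address/prefix
    return dict(by_iface)


def misplaced_vips(ps_text, wan_subnet):
    """List (address, interface) pairs inside wan_subnet that are answered on
    an interface other than the one carrying most of that subnet's VIPs."""
    subnet = ipaddress.ip_network(wan_subnet)
    hits = {}
    for iface, nets in parse_choparp(ps_text).items():
        inside = [n for n in nets if n.version == subnet.version and n.subnet_of(subnet)]
        if inside:
            hits[iface] = inside
    if len(hits) < 2:
        return []  # every VIP in the subnet is on one interface
    expected = max(hits, key=lambda i: len(hits[i]))
    return sorted((str(n.network_address), iface)
                  for iface, nets in hits.items() if iface != expected for n in nets)
```

Calling `misplaced_vips(SAMPLE_PS, "203.0.113.0/24")` flags the address bound to `rl0`, which is the same mismatch spotted by eye in the reply above.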

