IP address issue
I will use the example addresses instead of the real addresses which are in use.
WAN IP: 18.104.22.168
Routed subnet on to this IP address which is used on the WAN interface: 22.214.171.124/29
So the scenario is as follows on the pfSense:
em0 WAN: 126.96.36.199
em1 LAN: 188.8.131.52
Server which is connected to em1 LAN:
ip address 184.108.40.206
So there is NO NAT used in this case, as I have official ip addresses and do not need a NAT, the server has an official static ip address from the subnet
which is routed towards the primary WAN ip address 220.127.116.11
The issue now is when I open for example www.whatismyip.com from this server then I expect this address to appear: 18.104.22.168 but no I see this address instead: 22.214.171.124
Why? What do I need to do in order to get the server's official ip address displayed instead of the pfSense WAN ip address?
Please correct me if I'm wrong, but your WAN should be assigned to your "official" ip address - you cannot set that yourself. Your ISP will give that to you.
126.96.36.199 is a non-routable address assigned inside your pfSense subnet.
It looks something like:
Server -> LAN -> WAN -> ISP -> whatismyip.com
whatismyip.com will only see the routable assigned IP from your ISP (statically or dynamically) - they cannot see your internal subnet. I assume 188.8.131.52 is the IP your ISP gave you.
If your question relates to gaining access to your server from the internet, then you'll need to NAT routes from your WAN to your LAN.
Thank you for the reply.
And yes You're wrong, I mentioned that I will use "example" ip addresses and not "real" ip addresses we are using …
so in this example assume that 184.108.40.206 is official routable subnet that is routed on to WAN ip address which is also in this example: 220.127.116.11 ...
I know that non-routable subnets or/and ip addresses will not be displayed using whatismyip.com .... this is ok...
But in my case WAN ip address is internet routable and routed subnet on to this WAN ip is also internet routable subnet that exists in the routes through BGP routing...
Would you be able to provide a visual representation of this network - this may help clarify your situation in case other members have suggestions.
I'm having a hard time understanding your situation.
Sorry for the misunderstanding.
No problem at all, I'll try to "draw" it below:
server 18.104.22.168 --> [LAN 22.214.171.124] pfSense [WAN 126.96.36.199] --> ISP Internet
I hope that this will do it better…
So as You can see, server has an ip address 188.8.131.52 and server uses 184.108.40.206 as its GW which is pfSense LAN OK ?
then when I open the www.whatismyip.com I am seeing the WAN ip address of the pfSense in this case 220.127.116.11 BUT I should see the server ip which is 18.104.22.168 OK ?
And consider these ip address I am using in this example just as "EXAMPLE" but in real world we are talking about routable ip addresses and subnets, so in my case we use
only internet valid routable ip addresses and there is NO NAT in our case... as we have enough official ip addresses... OK
Again in short words:
WAN = single ip which we got from our ISP provider: 22.214.171.124
LAN = on this interface I have assigned an ip from the ROUTED SUBNET, which means our ISP has routed a valid subnet on to our ip address 126.96.36.199 ...
better now ?
PS: I tried this : http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F
I did exactly as it was described there and it is working fine for Linux servers but not for Windows, the Linux server is coming right out on to internet with its own ip address assigned to NIC card…
I ran some pings from the Linux server against external domains and everything is working fine...
Then I tried to run "cmd" and ping one official ip address from Windows and I was able to ping the ip but not domain, and the DNS is also configured..
But I have to run a ping first time when the Windows boots up in order to see it in arp table on the pfSense ...
So it smells like an ARP issue in this case between Windows and pfSense ...
Any idea ?
Ran some more tests from Windows and I can only ping wan ip addresses out on the internet but I cannot ping the domain names, and I cannot surf
using domain names and I cannot surf using ip addresses either, so all I can do from Windows is ping external domains :( WEIRD
ARP obviously works from what you said functions (no device will show up in the firewall ARP table until it tries to communicate out, that's just how networking functions), and the firewall is obviously passing traffic out from the Windows hosts. The issue is somewhere on your Windows host, having DNS servers that don't respond sounds like the most likely cause.
You're right, I found the problem. The ISP denied DNS resolve from the subnet they routed to me, and I have disabled NAT in the pfSense and then the server used its own ip address
which was in the subnet which is denied by ISP because that subnet belongs to us now… and before I disabled the NAT the server used pfSense WAN ip address which ISP assigned to us and then it worked because DNS resolve was allowed from that IP address because it belongs to ISP.
The reason why the Linux was ok is that Linux used 127.0.0.1 for DNS lookup, it used its own DNS server for resolve...
Thank You again !
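An added example, not part of the thread: a small Python check for the root cause found above, a resolver that answers the firewall's WAN address but rejects queries sourced from the routed subnet. The function names, the `example.com` test name and the sample reply are assumptions made for illustration; run `probe()` on the affected host against the ISP resolver and against a second resolver, then pass both results to `verdict()`.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Minimal DNS A-record query with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, txid=0x1234):
    """Return (rcode_name, answer_count) for a raw DNS reply."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # QR bit must mark a response
        raise ValueError("not a reply to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), answers

def probe(resolver, name="example.com", source_ip=None, timeout=3.0):
    """Query `resolver` over UDP/53, optionally from a specific local address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        if source_ip:
            s.bind((source_ip, 0))
        s.sendto(build_query(name), (resolver, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return ("TIMEOUT", 0)
    return classify_response(data)

def verdict(isp_result, other_result):
    """Compare the ISP resolver with a second resolver reached from the same host."""
    blocked = isp_result[0] in ("REFUSED", "TIMEOUT")
    if blocked and other_result[0] == "NOERROR":
        return "ISP resolver rejects this source address; use another resolver"
    if blocked:
        return "DNS fails everywhere; check firewall rules and routing for port 53"
    return "ISP resolver answers this source address"

# Constructed reply: same question, QR=1, RD=1, RCODE=5 (REFUSED), no answers.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + build_query("example.com")[12:]

if __name__ == "__main__":
    print(verdict(classify_response(SAMPLE_REFUSED), ("NOERROR", 1)))
```

A resolver ACL can also drop the query silently, which is why a timeout is treated the same as REFUSED when the second resolver still answers.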