Netgate Discussion Forum

    Simple nat not working

    disa

      dear pfsense users,
      I'm going to replace my single soekris with dual wan running gentoo linux with 2 highly available soekris (4801) running pfsense and 3 wan. I'll do nat and bridging.

      The boxes have 5 nics:

      sis0 -> LAN
      sis1 -> VLAN1 = WAN
      sis1 -> VLAN2 = WAN2
      sis1 -> VLAN3 = WAN3
      sis2 -> SYNC with the other box
      sis3 -> DMZ natted
      sis4 -> DMZ bridged
      
      

      I'm going to configure it in this way:

      • every ip (public and on lan) is handled by carp - in this way I lose 2 public ip for each wan

      • some ip are natted on a port basis

      • some ip are bridged (and filtered)

      In this way I should be able to survive 2 wan failures and a firewall failure.

      I was able to configure outbound balancing with a snapshot from 2 months ago, but I was unable to make nat/bridge work, so today I started a fresh 1.2 beta1 install and tried to configure just carp IPs and nat to isolate the problem.
      I was unable to nat anything (I was able to make the firewall respond to ping by allowing icmp), do you have any idea?

      This is the relevant part of my conf (I'll post the rest tomorrow):

      
       <interfaces>
         <lan>
           <if>sis0</if>
           <ipaddr>192.168.0.11</ipaddr>
           <subnet>24</subnet>
           <media/>
           <mediaopt/>
           <bandwidth>100</bandwidth>
           <bandwidthtype>Mb</bandwidthtype>
         </lan>
         <wan>
           <if>vlan0</if>
           <mtu/>
           <media/>
           <mediaopt/>
           <bandwidth>100</bandwidth>
           <bandwidthtype>Mb</bandwidthtype>
           <ipaddr>WAN1.70</ipaddr>
           <subnet>28</subnet>
           <gateway>WAN1.73</gateway>
           <spoofmac/>
         </wan>
         <opt1>
           <descr>SYNC</descr>
           <if>sis2</if>
           <bridge/>
           <enable/>
           <ipaddr>10.0.5.1</ipaddr>
           <subnet>24</subnet>
           <gateway/>
           <spoofmac/>
         </opt1>
         <opt2>
           <descr>DMZ</descr>
           <if>sis3</if>
           <bridge/>
           <enable/>
           <ipaddr>10.0.3.1</ipaddr>
           <subnet>24</subnet>
           <gateway/>
           <spoofmac/>
         </opt2>
         <opt3>
           <descr>BRIDGE</descr>
           <if>sis4</if>
           <bridge/>
           <ipaddr/>
           <subnet>32</subnet>
           <gateway/>
           <spoofmac/>
         </opt3>
         <opt4>
           <descr>WAN2</descr>
           <if>vlan1</if>
           <bridge/>
           <ipaddr>WAN2.54</ipaddr>
           <subnet>28</subnet>
           <gateway>WAN2.57</gateway>
           <spoofmac/>
           <mtu/>
           <enable/>
         </opt4>
         <opt5>
           <descr>WAN3</descr>
           <if>vlan2</if>
           <bridge/>
           <ipaddr>WAN3.45</ipaddr>
           <subnet>28</subnet>
           <gateway>WAN3.33</gateway>
           <spoofmac/>
           <mtu/>
           <enable/>
         </opt5>
       </interfaces>
      
      

      carp conf (just one)

      
       <vip>
         <mode>carp</mode>
         <interface>opt5</interface>
         <vhid>2</vhid>
         <advskew>0</advskew>
         <password>****</password>
         <descr>router WAN3</descr>
         <type>single</type>
         <subnet_bits>28</subnet_bits>
         <subnet>WAN3.38</subnet>
       </vip>
      
      

      vlans

       <vlans>
         <vlan>
           <if>sis1</if>
           <tag>50</tag>
           <descr>adsl telecom</descr>
         </vlan>
         <vlan>
           <if>sis1</if>
           <tag>60</tag>
           <descr>adsl eutelia</descr>
         </vlan>
         <vlan>
           <if>sis1</if>
           <tag>70</tag>
           <descr>wifi e4a</descr>
         </vlan>
       </vlans>
      

      many thanks

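As an added example (not code from the thread or from pfSense), a small Python consistency check over a reconstructed copy of disa's fragments: it parses the pfSense-style XML and reports optional interfaces that lack an empty <enable/> element, CARP VIPs that sit on a missing or disabled interface, and reused vhids (the vhid check goes beyond the single VIP on the page). It assumes, as in pfSense 1.x configs, that an optional interface is active only when <enable/> is present, and the <pfsense> and <virtualip> wrapper elements are assumptions about the surrounding config.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the poster's <interfaces> and <vip> fragments with empty
# elements written as self-closing tags. The <pfsense> and <virtualip> wrappers
# are assumptions about the surrounding config.xml layout, not from the post.
CONFIG = """<pfsense>
<interfaces>
  <lan><if>sis0</if><ipaddr>192.168.0.11</ipaddr><subnet>24</subnet></lan>
  <wan><if>vlan0</if><ipaddr>WAN1.70</ipaddr><subnet>28</subnet><gateway>WAN1.73</gateway></wan>
  <opt1><descr>SYNC</descr><if>sis2</if><enable/><ipaddr>10.0.5.1</ipaddr><subnet>24</subnet></opt1>
  <opt2><descr>DMZ</descr><if>sis3</if><enable/><ipaddr>10.0.3.1</ipaddr><subnet>24</subnet></opt2>
  <opt3><descr>BRIDGE</descr><if>sis4</if><bridge/><ipaddr/><subnet>32</subnet></opt3>
  <opt4><descr>WAN2</descr><if>vlan1</if><enable/><ipaddr>WAN2.54</ipaddr><subnet>28</subnet></opt4>
  <opt5><descr>WAN3</descr><if>vlan2</if><enable/><ipaddr>WAN3.45</ipaddr><subnet>28</subnet></opt5>
</interfaces>
<virtualip>
  <vip><mode>carp</mode><interface>opt5</interface><vhid>2</vhid><advskew>0</advskew>
       <type>single</type><subnet_bits>28</subnet_bits><subnet>WAN3.38</subnet></vip>
</virtualip>
</pfsense>"""


def check_config(xml_text):
    """Return a list of findings: optional interfaces without <enable/>,
    VIPs on unknown or disabled interfaces, and vhids used more than once."""
    root = ET.fromstring(xml_text)
    findings = []
    # Assumption (pfSense 1.x): lan/wan are always up; optN is up only with <enable/>.
    enabled = {}
    for node in root.find("interfaces"):
        enabled[node.tag] = node.tag in ("lan", "wan") or node.find("enable") is not None
        if not enabled[node.tag]:
            findings.append(f"{node.tag} ({node.findtext('descr', node.tag)}) has no <enable/>")
    # CARP VIP sanity: the parent interface must exist and be up; vhid must be unique.
    seen = {}
    for vip in root.iter("vip"):
        iface, vhid = vip.findtext("interface"), vip.findtext("vhid")
        if iface not in enabled:
            findings.append(f"vip vhid {vhid} references unknown interface {iface}")
        elif not enabled[iface]:
            findings.append(f"vip vhid {vhid} is on disabled interface {iface}")
        if vhid in seen:
            findings.append(f"vhid {vhid} reused on {seen[vhid]} and {iface}")
        seen[vhid] = iface
    return findings


if __name__ == "__main__":
    for line in check_config(CONFIG):
        print(line)
```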
      jeroen234

        Are all the interfaces you bridged up?
        If one is not up then the whole bridge is broken,
        and none of the other bridged interfaces that are well connected will work until the bridge is fixed.

        disa

          I'm not using bridge; until now I have just named the interface.
