Virtual IP alias as gateway for a subnet
-
It is getting your other subnets but not the 10.x.x.x one.
Make sure the IP alias VIP has the proper subnet mask set (not /32)./24
-
And that IP alias is on the correct interface? (LAN)
Check Diagnostics > Routes, paste the output here, it might give some more clues.
-
-
OK that all looks good now - and if you check /tmp/rules.debug and look for tonatsubnets - the 10.x.x.x network still doesn't show up?
If not, then you probably will need to go to outbound NAT, delete any rules there, and switch to manual outbound NAT once more. Then add a rule for 10.x.x.x.
-
OK that all looks good now - and if you check /tmp/rules.debug and look for tonatsubnets - the 10.x.x.x network still doesn't show up?
Nope:
# Subnets to NAT tonatsubnets = "{ 192.168.0.0/24 192.168.1.0/24 127.0.0.0/8 }" nat on $WAN from $tonatsubnets port 500 to any port 500 -> x.x.x.154/32 port 500 nat on $WAN from $tonatsubnets to any -> x.x.x.154/32 port 1024:65535If not, then you probably will need to go to outbound NAT, delete any rules there, and switch to manual outbound NAT once more. Then add a rule for 10.x.x.x.
Why can't that be automatic? Why life can't be easy? Why there's no Santa Claus?
Did not delete existing rules, they look good for me. I just added new NAT rule, reset states, and this time got luck, 10.0.0.8 now pings 8.8.8.8.Now the questions:
Is that a bug or feature?
If not a feature, where can I request it?This box will replace an old Netscreen, 1:1 NATing a bunch of servers, responsible for our internet presence, connect two remote offices, provide IPsec VPN for mobile warriors, and some more I don't remember now.
Will leave on vacation now and get back on january 7 to finish this. Happy holidays, merry Christmas, happy end-of-the-world, happy new year, and many thanks for your almost-chat support. I was almost ditching pfsense.
Best regards,
–
Marcio Merlone -
I had thought it was automatic, but it's apparently not (at least on the version you're using, I don't know about 2.1)
Using multiple subnets on a single interface in that was is still mostly an edge case. Most people put distinct subnets on separate VLANs or interfaces.
