Problems with static IP setup
Hello, I have some issues with static IP setup/firewall. I believe I may have a basic problem here that someone with much more networking knowledge can answer.
My ISP has given me the following:
Network Address: XX.XX.XX.40
Default Gateway : XX.XX.XX.41
Available Address(s): XX.XX.XX.42 thru XX.XX.XX.46
Network Mask: 255.255.255.248
IP addresses .42-.45 seem to work but .46 will NOT work. I have them all set up as virtual IPs. All the other addresses work, .42 is assigned to pfSense. I have pfSense set to static IP XX.XX.XX.42/29.
What can I check? I'm getting every port blocked for IP .46
The information you give looks good - xx.xx.xx.42/29 should give a subnet from xx.xx.xx.40 to xx.xx.xx.47 - .40 will be the unused "network" address at the bottom, .47 is the subnet broadcast address at the top. The ISP has allocated .41 as the gateway and you should be able to use .42 to .46 as valid WAN addresses.
"I have them all set up as virtual IPs."
I don't think they can all be virtual IPs - 1 of them will be your real WAN IP, but they should all be useable as public IPs.
What did you use for your real WAN IP?
Thanks Phil, real WAN IP is the .42… Still can't get it to pass traffic for .46 - all other IPs work. Anything else to check?
I am struggling to think of a good suggestion - when .42, .43, .44, .45 all work and .46 does not. Others feel free to give input. Or take the easy path and blame the ISP? :)
Call up the ISP screaming and cursing. If you lack much 4-letter vocabulary, let me know. I can suggest a few words.
2^(32-29) - 2 = 6 usable hosts
I can't imagine why it's not working.
Assuming for a moment that it's not the ISP (which it may well be!), I can think of one or two notions. This sounds like one of those 'slap the forehead' moments I have when setting up something relatively simple and finding it doesn't work. Can you verify that the .46 VIP is set up exactly the same as the others that work? Has it been set up as an IP alias, or some other type (CARP, Proxy ARP, etc.)? If you open up an SSH session, try running "ifconfig | more" and have a look at the network addresses listed. Do all the VIPs show up correctly and bound to the same NIC? Here endeth my 2-cents-worth.
Thought number 3: Although I can't verify this, maybe there's a maximum number of VIPs that can be assigned to one NIC? A possible way to test this theory is to remove one of the existing VIPs and re-enter the .46 VIP. If it works when another VIP is removed then maybe this is the answer.
2^(32-29) - 2 = 6 usable hosts
and the ISP uses one of those as the gateway, leaving 5 usable hosts for the customer.
"Default Gateway : XX.XX.XX.41"
"Available Address(s): XX.XX.XX.42 thru XX.XX.XX.46"
Later I expect to hear "Thanks for all the help. I found the problem. I typo-ed a setting."
But assuming no typo, I don't know why it's not working.
Another silly, but possible answer: Are you sure that .46 isn't being used already by another host? Try pinging the address, or possibly running a non-ping nmap scan to see if it shows up.
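The /29 arithmetic and the "is the .46 VIP set up exactly like the others" check suggested in the thread, as an added example (not code from any poster or from pfSense). It uses constructed documentation addresses (203.0.113.40/29) in place of the masked XX.XX.XX values, and the VIP list, with two deliberately mis-entered lines, is hypothetical.

```python
import ipaddress

def customer_addresses(wan_cidr, gateway):
    """Host addresses in the WAN subnet left over after the ISP gateway."""
    net = ipaddress.ip_interface(wan_cidr).network
    gw = ipaddress.ip_address(gateway)
    return [str(h) for h in net.hosts() if h != gw]

def audit_vips(wan_cidr, gateway, vips):
    """Return {vip_entry: [problems]} for each configured virtual IP."""
    wan = ipaddress.ip_interface(wan_cidr)
    net, gw = wan.network, ipaddress.ip_address(gateway)
    seen, report = set(), {}
    for entry in vips:
        vip = ipaddress.ip_interface(entry)
        problems = []
        if vip.ip not in net:
            problems.append("outside WAN subnet")
        elif vip.ip == net.network_address:
            problems.append("is the network address")
        elif vip.ip == net.broadcast_address:
            problems.append("is the broadcast address")
        if vip.ip == gw:
            problems.append("collides with ISP gateway")
        if vip.ip == wan.ip:
            problems.append("duplicates the real WAN IP")
        if vip.ip in seen:
            problems.append("listed twice")
        # Consistency check only: flags an entry typed with a different mask
        # from the WAN interface, i.e. "not set up the same as the others".
        if vip.network.prefixlen != net.prefixlen:
            problems.append(f"prefix /{vip.network.prefixlen} differs from "
                            f"WAN /{net.prefixlen}")
        seen.add(vip.ip)
        report[entry] = problems
    return report

# Constructed sample data (RFC 5737 documentation range), not from the thread.
WAN = "203.0.113.42/29"
GATEWAY = "203.0.113.41"
VIPS = ["203.0.113.43/29", "203.0.113.44/29", "203.0.113.45/29",
        "203.0.113.46/24",   # mask typo
        "203.0.113.47/29"]   # broadcast address entered by mistake

if __name__ == "__main__":
    print("usable by customer:", customer_addresses(WAN, GATEWAY))
    for entry, problems in audit_vips(WAN, GATEWAY, VIPS).items():
        print(entry, "->", problems or "ok")
```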