Wan/VIP -> LAN issues

  • I have been trying very hard to figure this out.  I have done a ton of reading here and can't seem to find the specific answer I am needing to fix the problem I am having.

    Here is my setup
    I have an ISP which has given me 5 IP addresses


    Ipaddress:  66.XXX.XXX.138/29
    gateway:  66.XXX.XXX.136


    I have a Virtual IP
    IPaddress:  66.XXX.XXX.140/29

    What I want to do is route typical traffic from my interal users to my WAN interface and that is working correctly right now.  What I am having a problem with is that I need to route 2 specific HTTP ports to two seperate Interal IP address.

    For Example

    66.XXX.XXX.138 ->  *This is the WAN interface
    66.XXX.XXX.140 ->  *This is the Virtual IP

    I do a port forward as described in documentation in which I have both my WAN and my VIP specified as the sources and the corresponding IP's for local line specified in each NAT section.

    The problem is that I can access both pages internally (with Nat Reflection Check - Unchecked) but, I can't seem to get an outside connection to those pages.

    Can anyone give me a clue on how I can get this to work?


  • If you connect from the outside: do you see something in the firewall log dropped?
    Try as VIP type CARP (even if you dont need the CARP functionalities).

  • A single proxy-arp address should be added as 66.XXX.XXX.140/32 (single address, not network)

  • Changing it to CARP did the trick for me thanks!

  • I didnt notice before but dotdash is right.

    • With PARP you need to specify the correct IP with /32 If you want to map only one IP.
    • With CARP you need to specify the actual CIDR subnet of the IP in your case /29.

    PARP should work in your case too but if you want to run services on the pfSense on this VIP you should use CARP.

Log in to reply