Setting up two web servers



  • I am trying to set up two web servers behind a 2.1 PFSense machine.

    My ISP gives me four static IPs and a single gateway those IPs connect through.  The first web server is set up using port forwarding.  The first server's external IP is 1.2.3.6 (changed for anonymity) and it forwards to 10.0.0.203.  The part I'm stuck on is trying to get my internal IP 10.0.0.205 translated to 1.2.3.7.

    My WAN address is 1.2.3.6 and I set up a virtual IP for 1.2.3.7.  After reading other posts, I have set up the following outbound NAT rules with manual outbound NAT.

    WAN  10.0.0.205/32 * * * 1.2.3.7 * NO  
    WAN  10.0.0.0/16 * * * WAN address * NO Auto created rule for LAN to WAN

    The .205 server can't ping the internet or resolve host names after setting up the virtual IP and outbound NAT rule.  The .203 server works as expected.

    Am I missing something obvious?  I want the second web server protected by the firewall/snort while acting as if it is on the 1.2.3.7 internet address.

    Edit:  Here are my state tables when I try to ping Google's DNS.  First, the working server.
    icmp 8.8.8.8:47482 <- 10.0.0.203 0:0
    icmp 10.0.0.203:47482 -> 1.2.3.6:37866 -> 8.8.8.8 0:0

    Next, the non-working server.
    icmp 8.8.8.8:27396 <- 10.0.0.205 0:0
    icmp 10.0.0.205:27396 -> 1.2.3.7:9714 -> 8.8.8.8 0:0

    It looks like it should be working.  I'm not seeing any blocked packets in the firewall logs.



  • After sleeping and getting a fresh perspective on it, I found the issue.  In my virtual IP, I read the subnet comment wrong and thought it was a CIDR range instead of a subnet mask.  Changing it from /32 to /29 fixed the issue.  Everything else I did was correct, with the exception of intentionally leaving out the port forwarding rules.

    Hopefully someone else sees this and it helps them figure out how to perform a similar setup.
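    The two mistakes this thread turns on (a virtual IP entered as /32 instead of the WAN's own mask, and manual outbound NAT rules that must be ordered most-specific first because the first match wins) can be checked before the config is applied. The following is an added example, not code from the thread or from pfSense; it uses constructed documentation-range addresses because the anonymised 1.2.3.6/1.2.3.7 pair is not a valid host pair inside a single /29, and it assumes the WAN interface itself is in the ISP's /29.

```python
from ipaddress import ip_interface, ip_network

# Constructed addresses (RFC 5737 documentation range) modelling the thread's
# layout: WAN 198.51.100.10 and IP-alias VIP 198.51.100.11 in the ISP's /29
# block; inside hosts are the thread's 10.0.0.x addresses.
WAN_IF = "198.51.100.10/29"
VIP_WRONG = "198.51.100.11/32"   # mask field read as a single-host CIDR entry
VIP_FIXED = "198.51.100.11/29"   # mask matching the WAN subnet, the reported fix
# Manual outbound NAT table, top to bottom: (source network, translation address).
OUTBOUND_NAT = [("10.0.0.205/32", "198.51.100.11"), ("10.0.0.0/16", "WAN address")]


def check_vip(wan_if, vip_if):
    """Return problems with an IP-alias VIP relative to the WAN interface address."""
    wan, vip = ip_interface(wan_if), ip_interface(vip_if)
    if vip.ip not in wan.network:
        return [f"{vip.ip} is outside the WAN subnet {wan.network}"]
    problems = []
    if vip.ip in (wan.network.network_address, wan.network.broadcast_address):
        problems.append(f"{vip.ip} is the network or broadcast address of {wan.network}")
    if vip.network.prefixlen != wan.network.prefixlen:
        problems.append(f"VIP mask /{vip.network.prefixlen} differs from WAN mask "
                        f"/{wan.network.prefixlen}; enter the interface's mask")
    return problems


def check_outbound_nat(rules, wan_if, vip_ifs):
    """Flag rules shadowed by an earlier, broader source (first match wins) and
    translation addresses that are neither the WAN address nor a configured VIP."""
    valid = {"WAN address"} | {str(ip_interface(a).ip) for a in [wan_if, *vip_ifs]}
    problems = []
    for i, (src, target) in enumerate(rules):
        if target not in valid:
            problems.append(f"rule {i}: {target} is not the WAN address or a VIP")
        for j, (earlier, _) in enumerate(rules[:i]):
            if ip_network(src).subnet_of(ip_network(earlier)):
                problems.append(f"rule {i} ({src}) is shadowed by rule {j} ({earlier})")
    return problems


def render_pf_nat(rules, wan_if):
    """Render the table as pf-style nat rules so the intended result can be eyeballed."""
    wan_ip = str(ip_interface(wan_if).ip)
    return [f"nat on $WAN from {src} to any -> {wan_ip if t == 'WAN address' else t}"
            for src, t in rules]


if __name__ == "__main__":
    for label, vip in (("VIP as first entered:", VIP_WRONG), ("VIP after the fix:", VIP_FIXED)):
        print(label, check_vip(WAN_IF, vip) or "OK")
    print(check_outbound_nat(OUTBOUND_NAT, WAN_IF, [VIP_FIXED]) or "NAT table order OK")
    print("\n".join(render_pf_nat(OUTBOUND_NAT, WAN_IF)))
```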

