Setting up two web servers
I am trying to set up two web servers behind a pfSense 2.1 machine.
My ISP gives me four static IPs and a single gateway those IPs connect through. The first web server is set up using port forwarding. The first server's external IP is 220.127.116.11 (changed for anonymity) and it forwards to 10.0.0.203. The part I'm stuck on is trying to get my internal IP 10.0.0.205 translated to 18.104.22.168.
My WAN address is 22.214.171.124 and I set up a virtual IP for 126.96.36.199. After reading other posts, I have set up the following outbound NAT rules with manual outbound NAT.
WAN 10.0.0.205/32 * * * 188.8.131.52 * NO
WAN 10.0.0.0/16 * * * WAN address * NO Auto created rule for LAN to WAN
The .205 server can't ping the internet or resolve host names after setting up the virtual IP and outbound NAT rule. The .203 server works as expected.
Am I missing something obvious? I want the second web server protected by the firewall/Snort while acting as if it is on the 184.108.40.206 internet address.
Edit: Here are my state tables when I try to ping Google's DNS. First, the working server.
icmp 220.127.116.11:47482 <- 10.0.0.203 0:0
icmp 10.0.0.203:47482 -> 18.104.22.168:37866 -> 22.214.171.124 0:0
Next, the non-working server.
icmp 126.96.36.199:27396 <- 10.0.0.205 0:0
icmp 10.0.0.205:27396 -> 188.8.131.52:9714 -> 184.108.40.206 0:0
It looks like it should be working. I'm not seeing any blocked packets in the firewall logs.
After sleeping and getting a fresh perspective on it, I found the issue. In my virtual IP, I read the subnet comment wrong and thought it was a CIDR range instead of a subnet mask. Changing it from /32 to /29 fixed the issue. Everything else I did was correct, with the exception of intentionally leaving out the port forwarding rules.
Hopefully someone else sees this and it helps them figure out how to perform a similar setup.