"No route to host" from 1 of the 1:1 NAT'd IPs…
  • Hey guys, so I'm trying to set up 2 of my 5 static IPs on 1:1 NATs. (They both need to be publicly accessible.)

    The first of my 1:1 NATs… 198.0.212.65 seems to be just fine, has all the connectivity I'd want, etc.
    But the 2nd… the firewall doesn't seem to be passing any traffic through to it. If I try to telnet from the internet I get a timeout. Ok, simple enough, but the same FW rule is in place allowing any port traffic from any on WAN to the LAN IP of the VM.

    If I try to telnet from the other NAT'd IP... (the VM on the .65) it gives me a 'No route to host.'
    If I traceroute, I see 192.168.10.1 (pfsense fw) as first hop...
    then 198.0.212.70 (Comcast gw) as second hop...
    and it times out after that. What am I doing wrong here?

    Seems this should just work... I have the VIPs and FW rules exactly the same for both public IPs... let me know if you need any more information!

    10:35AM: To add to this, I can telnet to the host from internal, as I have NAT reflection on, but external can't get to the IP, what firewall rule is causing this to get mucked up... hrmm

    11AM: Ok, so interestingly, the VM can't get out to the internet... even though its network config is valid and has the exact same config as the other VM which CAN reach the internet.

    11:05AM: So the 1:1 NAT rule is breaking connectivity. Once I enable the 1:1 NAT rule for that IP, it can't get out to the internet. But once I disable it, it has connectivity.

    11:23AM: Anyone have any ideas how to make this work? Seems a 2nd 1:1 NAT rule shouldn't break connectivity...