I can't get routing working correctly



  • I created my virtual IP and than created the NAT rules and I can't see the websites now from wan. Any Help would be appreciated. Maybe I should of created the virtual IP's and than created firewall rules instead of NAT? :(

    Virtual IPsCARP Settings
    Virtual IP address Interface Type Description
    edit
    63.226.242.186/29 WAN ip alias Public IP #2
    edit delete
    63.226.242.187/29 WAN ip alias Public IP #3
    edit delete
    63.226.242.188/29 WAN ip alias Public IP #4
    edit delete
    63.226.242.189/29 WAN ip alias Public IP #5
    edit delete
    edit
    Note:
    The virtual IP addresses defined on this page may be used in NAT mappings.
    You can check the status of your CARP Virtual IPs and interfaces here.

    And here are the rules
    ID Proto Source Port Destination Port Gateway Queue Schedule Description
    delete selected rules add
    icon   IPv4 TCP/UDP * 53 (DNS) 192.168.1.15 53 (DNS) * none   NAT sbs2008 DNS
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 143 (IMAP) 192.168.1.15 143 (IMAP) * none   NAT SBS 2008 IMAP
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 119 (NNTP) 192.168.1.15 119 (NNTP) * none   NAT SBS 2008 NNTP
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 25 (SMTP) 192.168.1.15 25 (SMTP) * none   NAT SBS2008 SMTP
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 110 (POP3) 192.168.1.15 110 (POP3) * none   NAT SBS 2008 POP3
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 80 (HTTP) 192.168.1.15 80 (HTTP) * none   NAT SBS 2008 HTTP
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 443 (HTTPS) 192.168.1.15 443 (HTTPS) * none   NAT SBS2008 HTTPS
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 995 (POP3/S) 192.168.1.15 995 (POP3/S) * none   NAT SBS 2008 Exchange
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 587 (SUBMISSION) 192.168.1.15 995 (POP3/S) * none   NAT SBS 2008 POP3 587
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 123 (NTP) 192.168.1.15 123 (NTP) * none   NAT SBS 2008 Time Server
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 1723 (PPTP) 192.168.1.15 1723 (PPTP) * none   NAT SBS 2008 PPTP
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.185 987 192.168.1.15 987 * none   NAT SBS 2008 SharePoint
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP * 80 (HTTP) 192.168.1.18 80 (HTTP) * none   NAT Web Server Http 18
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.188 443 (HTTPS) 192.168.1.18 443 (HTTPS) * none   NAT Web Server 18
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.189 80 (HTTP) 192.168.1.19 80 (HTTP) * none   NAT Web Server 19
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.189 443 (HTTPS) 192.168.1.19 443 (HTTPS) * none   NAT Web Server 19
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.187 53 (DNS) 192.168.1.17 53 (DNS) * none   NAT Secondary DNS
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.186 80 (HTTP) 192.168.1.16 80 (HTTP) * none   NAT Alarm System
    move selected rules before this rule edit
    delete add
    icon   IPv4 TCP/UDP 63.226.242.186 443 (HTTPS) 192.168.1.16 443 (HTTPS) * none   NAT Alarm HTTPS
    move selected rules before this rule edit
    delete add


  • Netgate Administrator

    Those look like firewall rules not port forward rules. (or NAT rules)

    Edit: Just to expand on that. You want to add port forward rules and use the 'Filter rule association' option to add the firewall rule automatically (which is the default behaviour).
    You may also want to use manual outbound NAT rules if you want traffic returning from your servers to use the IP Alias addresses as their source address.

    Steve