Virtual IPs seem not to work
-
Hi All,
I like the feel and approach of pfSense a great deal, but I have a small problem with configuring virtual IPs on the WAN NIC.
Basic configuration is simplified to this:
1 WAN NIC with static address showing in the webgui as x.x.x.129 /1 (not sure why it shows as /1 not /32 or some other subnetting)
2 LAN NIC with 192.168.100.1/24
3 Available public IPs x.x.x.129-200

Using the WebGUI, I apply a proxy ARP or Other VIP to WAN NIC of x.x.x.171 and set NAT with auto creation of FW rules, and for testing purposes even create wild any source/any port to .171 any port and the reverse rule to allow x.x.x.171 to send to any/any. Then if I ping from the webgui to the x.x.x.171 address I get no replies. Leading from that I obviously get no replies from WAN side or LAN side at all.
Do I need to change the static IP subnet to encompass VIPs? Any clues as to why what I thought would be a simple straightforward config is proving so unsuccessful?
Must be missing something obvious I guess, as others have been successful. Previously with other FW products just adding the IPs to the public side NIC and setting NAT and FW Rules worked fine. Is there a systemic difference with this product I need to understand? E.g., how is a VIP different from an alias in practice?
Sorry, enough questions I think! ;-)
K
-
1 WAN NIC with static address showing in the webgui as x.x.x.129 /1 (not sure why it shows as /1 not /32 or some other subnetting)
Stop right there. The WAN should be on the correct subnet for your IP block. If it is indeed static, and the web gui shows /1, then you most likely set the subnet mask to /1. Go back into the WAN interface setup and set the mask correctly. If I were to guess, the mask would be /25, but your ISP would know for sure.
-
Thanks very much for that - fast and accurate.
Sounds weak, but that was where I was heading - I think I just needed someone to confirm I wasn't mad! I'm 200 miles away from the thing and didn't want to slice off the branch I am sitting on! It's actually treated as a /24 - I am using it in parallel with some other devices on a LAN on the public side.
I didn't explicitly set the mask so it must have defaulted at some point to 1. Knew it couldn't be too difficult to do such a simple thing ;-)
Now I can get back to playing with the more complex real solution I need, but with evidence that future problems really are likely to be my mistakes not the FW's.
Cheers!
K
-
Look at this post:
http://forum.pfsense.org/index.php/topic,5748.0.html