4. Virtual IPs seem not to work

Virtual IPs seem not to work

  • D

    Hi All,

    I like the feel and approach of pfSense a great deal, but I have a small problem with configuring virtual IPs on the WAN NIC.

    Basic configuration is simplified to this:

    1 WAN NIC with static address showing in the webgui as x.x.x.129 /1 (not sure why it shows as /1 not /32 or some other subnetting)
    2 LAN NIC with 192.168.100.1/24
    3 Available public IPs x.x.x.129-200

    Using the WebGUI, I apply a proxy ARP or Other VIP to WAN NIC of x.x.x.171 and set NAT with auto creation of FW rules and for testing purposes even create wild any source/any port to .171 any port and the reverse rule to allow x.x.x.171 to send to any/any then if I ping from the webgui to the x.x.x.171 address I get no replies. Leading from that I obviously get no replies from WAN side or LAN side at all.

    Do I need to change the static IP subnet to encompass VIPs?  Any clues as to why what I thought would be a simple straightforward config is proving so unsuccessful?

    Must be missing something obvious I guess as others have been successful. Previously with other FW products just adding the IPs to the public side NIC and setting NAT and FW Rules worked fine. Is there a systemic difference with this product I need to understand. eg How is a VIP different from an alias in practice?

    Sorry, enough questions I think! ;-)

    K

    0

  • @donty01:

    1 WAN NIC with static address showing in the webgui as x.x.x.129 /1 (not sure why it shows as /1 not /32 or some other subnetting)

    Stop right there. The WAN should be on the correct subnet for your IP block. If it is indeed static, and the web gui shows /1, then you most likely set the subnet mask to /1. Go back into the WAN interface setup and set the mask correctly. If I were to guess, the mask would be /25, but your ISP would know for sure.

    0
  • D

    Thanks very much for that - fast and accurate.

    Sounds weak, but that was where I was heading - I think I just needed someone to confirm I wasn't mad! I'm 200 miles away from the thing and didn't want to slice off the branch I am sitting on! Its actually treated as a /24 - I am using it in parallel with some other devices on a LAN on the public side.

    I didn't explicitly set the mask so it must have defaulted at some point to 1. Knew it couldn't be too difficult to do such a simple thing ;-)

    Now I can get back to playing with the more complex real solution I need, but with evidence that future problems really are likely to be my mistakes not the FW's.

    Cheers!

    K

    0
  • J

    look at this post

    http://forum.pfsense.org/index.php/topic,5748.0.html

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy