Using Virtual IP / NAT Problem

JoeLeo · Nov 27, 2014, 7:21 PM

Need help with setting up the following:

I have 2 sets of WAN subnet IP's configured on a single WAN Interface. Each WAN subnet allows for 5 public ips. I've configured WAN1 & WAN2 respectively to use the 2 assigned WAN sugnets. I've also configured the remaining IP's as "Virtual IP" for both WANs (4 VIP for each WAN)

I have several LAN IP's behind the PFsense: LAN1, LAN2, etc. I've setup a 1:1 NAT firewall rule for one of the Virtual IP's to MAP to LAN1 which has a CPanel server running. When I do a traceroute from LAN1 Interface I want the traffic to use the virtual ip used for the 1:1 NAT and NOT the default WAN IP configured. How can I do this?

The problem trying to solve is that CPanel detects the WAN IP to use for its licensing. It uses some script to detect the public ip in use. However, with my current setup CPanel is detecting the default WAN IP and NOT the virtual ip being used as the 1:1 NAT. NOTE: the LAN1 & CPanel is on a private IP.

cmb · Nov 27, 2014, 7:35 PM

You probably have Squid or some other proxy setup, where the cpanel server isn't actually making the request to the Internet, the proxy is.

JoeLeo · Nov 28, 2014, 3:31 PM

No I don't have Squid or any Proxy setup. Just have pfsense vip & 1:1 nat to a host behind LAN1 interface. I imagine if I do a traceroute from the host behind LAN1 it should show that its exiting the Virtual IP being used as the 1:1 NAT.

Supermule · Nov 28, 2014, 3:40 PM

Have you configured your aoutbound NAT settings for that specific IP?

cmb · Nov 28, 2014, 7:01 PM

@JoeLeo:

I imagine if I do a traceroute from the host behind LAN1 it should show that its exiting the Virtual IP being used as the 1:1 NAT.

No, traceroute has no concept of source IP. It shows the IPs of the routers that are traversed, it'll never show anything relevant to your NAT address.

JoeLeo · Dec 1, 2014, 2:21 AM

Hi still needing of some help to fix VIP + NAT issue. I'm trying to get outbound traffic to pass thru a configured VIP IP and not the ip configured on physical interface. How can one test to validate if a LAN interface is using the proper outbound NAT'd IP address?

johnpoz · Dec 3, 2014, 3:43 PM

I would just sniff on the interface - what does it show for the source IP. You can do a packet capture under diagnostics on pfsense. Take 2 seconds to see what IP your traffic is using on the wan side.

cmb · Dec 4, 2014, 6:19 PM

Or just check Diag>States.