Netgate Discussion Forum

    Using Virtual IP / NAT Problem

      JoeLeo

      Need help with setting up the following:

      I have 2 sets of WAN subnet IPs configured on a single WAN interface. Each WAN subnet allows for 5 public IPs. I've configured WAN1 & WAN2 respectively to use the 2 assigned WAN subnets. I've also configured the remaining IPs as "Virtual IP" for both WANs (4 VIPs for each WAN).

      I have several LAN IPs behind the pfSense: LAN1, LAN2, etc. I've set up a 1:1 NAT firewall rule for one of the Virtual IPs to map to LAN1, which has a cPanel server running. When I do a traceroute from the LAN1 interface I want the traffic to use the virtual IP used for the 1:1 NAT and NOT the default WAN IP configured. How can I do this?

      The problem I'm trying to solve is that cPanel detects the WAN IP to use for its licensing. It uses some script to detect the public IP in use. However, with my current setup cPanel is detecting the default WAN IP and NOT the virtual IP being used as the 1:1 NAT. NOTE: the LAN1 & cPanel is on a private IP.

        cmb

        You probably have Squid or some other proxy set up, where the cPanel server isn't actually making the request to the Internet, the proxy is.

          JoeLeo

          No, I don't have Squid or any proxy set up. I just have a pfSense VIP & 1:1 NAT to a host behind the LAN1 interface. I imagine if I do a traceroute from the host behind LAN1 it should show that it's exiting the Virtual IP being used as the 1:1 NAT.

            Supermule

            Have you configured your outbound NAT settings for that specific IP?

              cmb

              @JoeLeo:

              I imagine if I do a traceroute from the host behind LAN1 it should show that it's exiting the Virtual IP being used as the 1:1 NAT.

              No, traceroute has no concept of source IP. It shows the IPs of the routers that are traversed; it'll never show anything relevant to your NAT address.

                JoeLeo

                Hi, still in need of some help to fix the VIP + NAT issue. I'm trying to get outbound traffic to pass through a configured VIP IP and not the IP configured on the physical interface. How can one test to validate if a LAN interface is using the proper outbound NAT'd IP address?

                  johnpoz

                  I would just sniff on the interface - what does it show for the source IP? You can do a packet capture under Diagnostics on pfSense. Take 2 seconds to see what IP your traffic is using on the WAN side.

                    cmb

                    Or just check Diag>States.
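
The state-table check suggested in the last two replies can also be scripted from a shell. This is an added example, not part of the original thread: the `pfctl -ss` line layout shown in the comments is an assumption, and the interface names, addresses and the helper names `sample_states`, `nat_sources` and `check_nat` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which source IP outbound NAT states use.
# Assumed line layout for a translated state in `pfctl -ss` output:
#   IFACE PROTO NAT_IP:PORT (LAN_IP:PORT) -> DEST_IP:PORT STATE
# All addresses are constructed documentation values (IPv4 only).

# Constructed sample state table: .10 has a 1:1 NAT to VIP 203.0.113.12,
# .20 leaves as the interface address, .30 is split across two addresses.
sample_states() {
cat <<'EOF'
em1 tcp 192.168.1.10:44321 -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.12:61234 (192.168.1.10:44321) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
em0 tcp 192.168.1.10:443 (203.0.113.12:443) <- 198.51.100.99:55555       ESTABLISHED:ESTABLISHED
em0 udp 203.0.113.10:30522 (192.168.1.20:53124) -> 198.51.100.53:53       MULTIPLE:SINGLE
em0 tcp 203.0.113.10:18044 (192.168.1.30:50100) -> 198.51.100.7:80       FIN_WAIT_2:FIN_WAIT_2
em0 tcp 203.0.113.13:2210 (192.168.1.30:50102) -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
EOF
}

# nat_sources LAN_IP: read state lines on stdin and print each distinct
# translated source IP used by outbound states that originate from LAN_IP.
nat_sources() {
    awk -v host="$1" '
        # Outbound NAT states: original address in parentheses, then "->".
        $4 ~ /^\(.*\)$/ && $5 == "->" {
            orig = substr($4, 2, length($4) - 2)   # strip "(" and ")"
            sub(/:[0-9]+$/, "", orig)              # drop the port
            nat = $3
            sub(/:[0-9]+$/, "", nat)
            if (orig == host && !(nat in seen)) { seen[nat] = 1; print nat }
        }'
}

# check_nat LAN_IP EXPECTED_IP: 0 if every outbound NAT state for LAN_IP
# leaves as EXPECTED_IP, 1 if any other source is in use, 2 if none found.
check_nat() {
    found=$(nat_sources "$1")
    [ -n "$found" ] || { echo "no outbound NAT states for $1"; return 2; }
    bad=$(printf '%s\n' "$found" | grep -Fxv "$2" || true)
    if [ -z "$bad" ]; then echo "OK: $1 leaves as $2"; return 0; fi
    echo "unexpected source(s) for $1:" $bad
    return 1
}

# Demo on the constructed table; on the firewall, pipe `pfctl -ss` in instead.
for h in 192.168.1.10 192.168.1.20 192.168.1.30; do
    sample_states | check_nat "$h" 203.0.113.12 || true
done
```

The inbound 1:1 NAT state (the `<-` line) is skipped on purpose, since only outbound states show which address the host's own requests leave from.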
