Netgate Discussion Forum

Using Virtual IP / NAT Problem

8 Posts 4 Posters 2.3k Views
  • J
    JoeLeo
    last edited by Nov 27, 2014, 7:21 PM

    Need help with setting up the following:

    I have 2 sets of WAN subnet IPs configured on a single WAN interface. Each WAN subnet allows for 5 public IPs. I've configured WAN1 & WAN2 respectively to use the 2 assigned WAN subnets. I've also configured the remaining IPs as "Virtual IP" for both WANs (4 VIPs for each WAN).

    I have several LAN IP's behind the PFsense: LAN1, LAN2, etc. I've setup a 1:1 NAT firewall rule for one of the Virtual IP's to MAP to LAN1 which has a CPanel server running. When I do a traceroute from LAN1 Interface I want the traffic to use the virtual ip used for the 1:1 NAT and NOT the default WAN IP configured. How can I do this?

    The problem I'm trying to solve is that CPanel detects the WAN IP to use for its licensing. It uses some script to detect the public IP in use. However, with my current setup CPanel is detecting the default WAN IP and NOT the virtual IP being used as the 1:1 NAT. NOTE: the LAN1 & CPanel is on a private IP.

    • C
      cmb
      last edited by Nov 27, 2014, 7:35 PM

      You probably have Squid or some other proxy setup, where the cpanel server isn't actually making the request to the Internet, the proxy is.

      • J
        JoeLeo
        last edited by Nov 28, 2014, 3:31 PM

        No, I don't have Squid or any proxy setup. Just have pfsense VIP & 1:1 NAT to a host behind LAN1 interface. I imagine if I do a traceroute from the host behind LAN1 it should show that it's exiting the Virtual IP being used as the 1:1 NAT.

        • S
          Supermule Banned
          last edited by Nov 28, 2014, 3:40 PM

          Have you configured your outbound NAT settings for that specific IP?

          • C
            cmb
            last edited by Nov 28, 2014, 7:01 PM

            @JoeLeo:

            I imagine if I do a traceroute from the host behind LAN1 it should show that it's exiting the Virtual IP being used as the 1:1 NAT.

            No, traceroute has no concept of source IP. It shows the IPs of the routers that are traversed, it'll never show anything relevant to your NAT address.

            • J
              JoeLeo
              last edited by Dec 1, 2014, 2:21 AM

              Hi, still needing some help to fix the VIP + NAT issue. I'm trying to get outbound traffic to pass thru a configured VIP IP and not the IP configured on the physical interface. How can one test to validate if a LAN interface is using the proper outbound NAT'd IP address?

              • J
                johnpoz LAYER 8 Global Moderator
                last edited by Dec 3, 2014, 3:43 PM

                I would just sniff on the interface - what does it show for the source IP.  You can do a packet capture under diagnostics on pfsense.  Take 2 seconds to see what IP your traffic is using on the wan side.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                • C
                  cmb
                  last edited by Dec 4, 2014, 6:19 PM

                  Or just check Diag>States.

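Added example, not part of any post in this thread: one way to run the state-table check suggested above against saved state lines, listing which translated source address each connection from the LAN host leaves with. The line format, interface names and all addresses are constructed assumptions (documentation ranges), and `audit_outbound_nat` is a hypothetical helper name.

```python
import re

# Constructed sample of state-table lines. Assumed form:
#   IFACE PROTO TRANSLATED_SRC (ORIGINAL_SRC) -> DESTINATION STATE
# 203.0.113.10 stands in for the default WAN address, 203.0.113.12 for the
# VIP used in the 1:1 NAT, 192.168.1.10 for the private host on LAN1.
SAMPLE_STATES = """\
em0 tcp 203.0.113.12:44122 (192.168.1.10:44122) -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.10:61811 (192.168.1.10:51515) -> 198.51.100.9:80 ESTABLISHED:ESTABLISHED
em0 udp 203.0.113.10:23901 (192.168.2.20:5353) -> 198.51.100.53:53 MULTIPLE:SINGLE
em1 tcp 192.168.1.10:44122 -> 198.51.100.7:443 ESTABLISHED:ESTABLISHED
"""

# Only lines carrying a parenthesised original source are translated states.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<nat_ip>[0-9.]+):(?P<nat_port>\d+)\s+"
    r"\((?P<src_ip>[0-9.]+):(?P<src_port>\d+)\)\s+->\s+"
    r"(?P<dst>\S+)"
)


def audit_outbound_nat(states_text, lan_host, expected_vip):
    """Split lan_host's translated states into (ok, wrong) by source address."""
    ok, wrong = [], []
    for line in states_text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m or m["src_ip"] != lan_host:
            continue  # untranslated state, or a different inside host
        entry = (m["proto"], m["nat_ip"], m["dst"])
        (ok if m["nat_ip"] == expected_vip else wrong).append(entry)
    return ok, wrong


if __name__ == "__main__":
    ok, wrong = audit_outbound_nat(SAMPLE_STATES, "192.168.1.10", "203.0.113.12")
    for proto, nat_ip, dst in ok:
        print(f"OK    {proto} leaves as {nat_ip} -> {dst}")
    for proto, nat_ip, dst in wrong:
        print(f"WRONG {proto} leaves as {nat_ip} -> {dst}")
```

Any entry reported as WRONG is a connection from the LAN host that left with an address other than the VIP, which is the symptom described in the first post.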