    Netgate Discussion Forum

    NAT 1:1 question

    • A
      agismaniax last edited by

      I'm using Virtual IPs and NAT 1:1 from external to my internal server.
      But I have this output in my system logs:

      Mar 14 08:43:29 kernel: arp_rtrequest: bad gateway 172.16.4.254 (!AF_LINK)
      Mar 13 18:27:50 kernel: arp_rtrequest: bad gateway xxx.xxx.xxx.22 (!AF_LINK)

      What is the meaning of that statement?

      I'm using this config:

      Virtual IPs: xxx.xxx.xxx.22/29 Type: CARP

      NAT 1:1
      WAN -> xxx.xxx.xxx.22/32 -> 172.16.4.52/32

      WAN:
      (1)
      Proto: TCP
      Source: any
      Port: any
      Destination: 172.16.4.52
      Port: 21
      Gateway: default

      (2)
      Proto: TCP
      Source: any
      Port: any
      Destination: 172.16.4.52
      Port: 30000-40000
      Gateway: default

      LAN:
      Port: any
      Source: 172.16.4.52
      Port: any
      Destination: any
      Gateway: any

      I'm trying to upload and download from external via passive FTP. It seems very slow in the download process, but normal in the upload process.
      Is there something wrong with my rules?
      Btw, I also use the alias "WEB" for host 172.16.4.52.

      • H
        hoba last edited by

        @agismaniax:

        Mar 14 08:43:29 kernel: arp_rtrequest: bad gateway 172.16.4.254 (!AF_LINK)
        Mar 13 18:27:50 kernel: arp_rtrequest: bad gateway xxx.xxx.xxx.22 (!AF_LINK)

        Those are cosmetic and can be ignored. They appear when the CARP IPs are brought up.
        Is that a full-blown CARP setup (2 machines) or is that a single machine? If these are 2 machines, check that master/slave states are correct on both.

        I see you use a CARP IP at LAN too, is that your gateway IP for LAN clients? Make sure your server uses that IP as gateway then too.

        Why do you need the rule at LAN? Have you restricted outgoing access? The 1:1 NAT should take care that outgoing traffic is mapped back to the external CARP IP. Why does your LAN rule show a gateway "any" instead of default?

        • A
          agismaniax last edited by

          I'm using CARP 172.16.4.254/24 in my LAN for a failover firewall in the future. The real LAN IP is 172.16.4.252/24.
          I have two servers inside, and each external Virtual IP is mapped to only one machine.

          Sorry, that was a typo: it is not "any" but "default" in the LAN rule.
          I have to restrict outgoing connections from my users, but there is no limit for the server.
          Resetting the LAN rule to default still won't increase outgoing traffic.

          Do you have any suggestions?

          • A
            agismaniax last edited by

            You can also try to download a file from http://203.77.230.22/pure-ftpd-1.0.20.tar.gz or log in and download a file from ftp://203.77.230.22 (user: pfsense, pass: pfsense).

            It is very, very slow…  :( :( :(
            I've checked with my ISP and they said my upstream traffic is almost empty.

            • A
              agismaniax last edited by

              After resetting to default several times and recreating the rules on the firewall,
              and also reconfiguring my FTP server settings, download/upload is running smoothly.

              Thanks a lot…  :D :D :D
