Virtual IP in 2.2.3 doesn't seem to be working after upgrade



  • 2.2.3-RELEASE (amd64)
    Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
    Current: 332 MHz, Max: 2660 MHz
    2 CPUs: 2 package(s) x 1 core(s)

    Just upgraded from 2.2.1 > 2.2.3

    It went pretty well BUT my virtual IP setup is working & not working.

    I had 5 VIPs set up - those are ALL still working after the upgrade.  But when I add a new VIP the exact same way I added the other 5 prior to the upgrade, I can't get it to work.

    For example:

    vip:  7.7.7.6 > NATs to > 10.0.10.6:443

    When I go to https://7.7.7.6 > I get the pfSense web interface which is on 10.0.10.1.  It's supposed to logically go to 10.0.10.6 but doesn't!

    Any thoughts on this?

    My steps:

    Firewall > Virtual IPs > IP Alias is ticked > Add my IP:  7.7.7.6/27 > Save
    Firewall > NAT > + button at the bottom right > Interface = WAN > Protocol = TCP > Destination Type: Drop down to "7.7.7.6 (hostname.here)" > Destination Port Range:  https to https > NAT Reflection = system default > Filter rule association = can't remember but I always let it auto generate one so it shows up as a firewall rule.
    Firewall > Rules = the filter rule association was made, shows that any inbound port can go to 10.0.10.6 on port 443

    I've also tried re-doing the entire setup for that new VIP, trying 1:1 NAT, etc., etc. but can't get it to show me anything but the darn pfSense login page.

    It's quite frustrating since the other rules work!  Fingers crossed they KEEP working.

    I'm still plugging away and quadruple checking my settings.  Maybe it's late and I'm going cross eyed.

    Thanks!



  • @pdrass:

    My steps:

    Firewall > Virtual IPs > IP Alias is ticked > Add my IP:  7.7.7.6/27 > Save
    Firewall > NAT > + button at the bottom right > Interface = WAN > Protocol = TCP > Destination Type: Drop down to "7.7.7.6 (hostname.here)" > Destination Port Range:  https to https > NAT Reflection = system default > Filter rule association = can't remember but I always let it auto generate one so it shows up as a firewall rule.
    Firewall > Rules = the filter rule association was made, shows that any inbound port can go to 10.0.10.6 on port 443

    I'm missing Redirect target IP + port here.
    ??



  • Sounds like you don't have reflection enabled for 1:1?