Routing between IP-Alias IPs on different Firewalls on the same WAN subnet



  • Hi,
    I have an odd issue that I was hoping someone here can help me with. I'm sure it's something really stupid that I am missing, but for the life of me I just can't seem to get it.

    I have 2 pfSense firewalls running on the same WAN subnet 38.xxx.xxx.128/25.
    Each of them has multiple IP-alias IPs that are 1:1 NATed to IPs on their respective LANs.

    FW1 -
    WAN - 38.xxx.xxx.225/25
    (vIP) - 38.xxx.xxx.180

    FW2 -
    WAN - 38.xxx.xxx.135/25
    (vIP) - 38.xxx.xxx.138

    Now when I try to connect to 38.xxx.xxx.180:80 from a host behind FW2 it fails with a timeout. 
    However, I am able to communicate with 38.xxx.xxx.225.

    I have an allow-any rule on FW1 for that IP/port and can reach it from anywhere else…

    I know I just need to tell FW2 to forward requests for that IP to FW1, but all my attempts to make that happen have failed ... miserably.  :)

    Any ideas would be greatly appreciated.


  • LAYER 8 Netgate

    You shouldn't need to do anything.

    What kind of VIP?

    Is FW2 getting ARP for .180 when you try to connect?



  • Thanks for the reply Derelict,
    I verified the ARP and no entry for .180 existed, but there was one for .225.

    I figured I would try adding a rule

    any from WAN net to any

    to make sure my pings would get through, and then everything fell into place.  :)

    I had just changed FW2 so its MAC was different. I'm thinking maybe a stale entry on FW1 for the virtual IP was the issue, and once a ping finally made it, everything got updated.
    I have since removed the any rule I just made and now they can communicate fine.

    I should also mention FW1 is running 2.1.2 and hasn't been rebooted for 500+ days.  :)  I have it scheduled to be updated at the end of the month, but was hoping to wait for 2.3 and go straight to it…

    Anyway, thanks again for the point in the right direction...
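The stale-ARP theory above can be checked directly rather than waiting for a ping to refresh things. The script below is an added example (not from this thread or from pfSense) that reads a FreeBSD/pfSense `arp -an` listing and, for each peer VIP, reports whether the entry is present, still points at an old MAC, or is missing. The listing, the MACs and the 203.0.113.x addresses are constructed placeholders standing in for the 38.xxx.xxx.x addresses in the post.

```shell
# Constructed sample of `arp -an` output as seen on one firewall. The .225
# entry is current, the .180 entry still holds an old MAC, and the .181
# entry never resolved (FreeBSD prints "(incomplete)" for those).
ARP_SAMPLE='? (203.0.113.225) at 00:11:22:33:44:01 on em0 expires in 1175 seconds [ethernet]
? (203.0.113.180) at 00:11:22:33:44:02 on em0 expires in 600 seconds [ethernet]
? (203.0.113.181) at (incomplete) on em0 expired [ethernet]
? (203.0.113.129) at 00:aa:bb:cc:dd:ee on em0 expires in 1190 seconds [ethernet]'

# check_vip_arp <arp-listing> <expected-mac> <vip>...
# Prints one line per VIP: "<vip> ok", "<vip> missing", or
# "<vip> stale <old-mac>". Returns 1 if any VIP is missing or stale.
check_vip_arp() {
    listing=$1
    want=$2
    shift 2
    rc=0
    for vip in "$@"; do
        # Field 2 of each arp line is "(ip)", field 4 is the MAC.
        mac=$(printf '%s\n' "$listing" |
              awk -v ip="($vip)" '$2 == ip { print $4; exit }')
        if [ -z "$mac" ] || [ "$mac" = "(incomplete)" ]; then
            printf '%s missing\n' "$vip"
            rc=1
        elif [ "$mac" != "$want" ]; then
            printf '%s stale %s\n' "$vip" "$mac"
            rc=1
        else
            printf '%s ok\n' "$vip"
        fi
    done
    return $rc
}

# Check the peer's WAN address and both VIPs against its current MAC.
check_vip_arp "$ARP_SAMPLE" 00:11:22:33:44:01 \
    203.0.113.225 203.0.113.180 203.0.113.181
```

On a live box feed it the real listing with `check_vip_arp "$(arp -an)" <peer-mac> <vips...>`; a stale entry can be cleared on FreeBSD/pfSense with `arp -d <ip>` so the next packet re-resolves it.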

