Netgate Discussion Forum

    NAT and Rule problems

      dudi

      I have installed pfSense 1.2 on a Dell PowerEdge 750 server. I have two Ethernet interfaces in this server. One interface is put on the WAN side, and the other is on the LAN. My Internet provider has provided me with a .29 mask network on an SDSL internet line. I have defined four “Other Virtual IPs” in pfSense and used them in the NAT/Rules. The problem is that I can’t reach the inside NAT/Ruled IPs from the WAN’s defined VIPs, but I can reach the pfSense interface IP. Does anyone have any idea about my problem?

        GruensFroeschli

        Did you create firewall rules that allow access to the VIPs?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          cmb

          Unless those IPs are routed to your WAN IP, you'll need to use proxy ARP or CARP type VIPs, not Other.

            dudi

            I created NAT between wan-ip and lan-ip, which automatically created an access rule to the lan-ip.

            @GruensFroeschli:

            Did you create firewall rules that allow access to the VIPs?

              dudi

              I got a "small" IP segment ( 193.71../29 ) with a gateway IP from my provider. I have used this range before with a SonicWall PRO.

              @cmb:

              Unless those IPs are routed to your WAN IP, you'll need to use proxy ARP or CARP type VIPs, not Other.

                heiko

                Take a look at the screenshot

                ScreenShot004.jpg

                  dudi

                  Yes, I mean I tried this. Should the mask for this Proxy ARP be /32, or should it be the same mask as for my WAN IP segment (/29)?

                  For your information, I got access to the PF's own interface IP from the WAN. This IP is of course one inside my WAN mask.

                  @heiko:

                  Take a look at the screenshot

                    heiko

                    Proxy ARP with /32 and CARP with your ISP mask /29.

                      dudi

                      Proxy ARP /32 does not function with my alternative IPs from WAN, only with PF's interface IP. CARP /29 does well with one of the alternative IPs, but the server boots many times every time I change something. I must test further… :( When I put in a 10-year-old SonicWall PRO everything works, but I can’t use this unit instead because it’s featureless. :)

                      @heiko:

                      Proxy ARP with /32 and CARP with your ISP mask /29.

                        dudi

                        Ah… When I put a unique VHID Group on every CARP IP, everything was OK... :-)

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.