    NAT and Rule problems

      dudi last edited by

      I have installed pfSense 1.2 on a Dell PowerEdge 750 server. I have two Ethernet interfaces in this server. One interface is on the WAN side, and the other is on the LAN. My Internet provider has provided me with a .29 mask network on an SDSL Internet line. I have defined four “Other Virtual IPs” in pfSense and used them in the NAT/Rules. The problem is that I can’t reach the inside NAT/Ruled IPs from the WAN’s defined VIPs, but I can reach the pfSense interface IP. Does anyone have any idea about my problem?

        GruensFroeschli last edited by

        Did you create firewall rules that allow access to the VIPs?

          cmb last edited by

          Unless those IPs are routed to your WAN IP, you'll need to use proxy ARP or CARP type VIPs, not Other.

            dudi last edited by

            I created NAT between wan-ip and lan-ip, which automatically created an access rule to the lan-ip.

            @GruensFroeschli:

            Did you create firewall rules that allow access to the VIPs?

              dudi last edited by

              I got a "small" IP segment ( 193.71../29 ) with a gateway IP from my provider. I have used this range before with a Sonicwall PRO.

              @cmb:

              Unless those IPs are routed to your WAN IP, you'll need to use proxy ARP or CARP type VIPs, not Other.

                heiko last edited by

                Take a look at the screenshot


                  dudi last edited by

                  Yes, I mean I tried this. Should the mask for this Proxy ARP be /32, or should it be the same mask as for my WAN IP segment (/29)?

                  For your information, I got access to the PF's own interface IP from the WAN. This IP is of course one inside my WAN mask.

                  @heiko:

                  Take a look at the screenshot

                    heiko last edited by

                    Proxy ARP with /32 and CARP with your ISP mask /29.

                      dudi last edited by

                      Proxy ARP/32 does not function with my alternative IPs from WAN, only with PF's interface IP. CARP/29 does well with one of the alternative IPs, but the server boots many times every time I change something. I must test further… :( When I put in a 10-year-old Sonicwall PRO everything works, but I can’t use this unit instead because it’s featureless. :)

                      @heiko:

                      Proxy ARP with /32 and CARP with your ISP mask /29.

                        dudi last edited by

                        Ah… When I put a unique VHID group on every CARP IP, everything was OK... :-)
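
The VIP settings this thread converges on (CARP VIPs using the WAN mask with a unique VHID each, proxy ARP VIPs as /32, "Other" VIPs only when the addresses are routed to the WAN IP), written as a lint over a constructed VIP list. This is an added example, not part of any post and not pfSense code: the dictionary layout, function names and 198.51.100.0/29 addresses are assumptions for illustration. It also derives the virtual MAC (CARP uses the VRRP range 00:00:5e:00:01:VHID) to show why two addresses configured with the same VHID are flagged.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation addresses, not the poster's network.
WAN_NET = {"wan": ipaddress.ip_network("198.51.100.0/29")}
SAMPLE_VIPS = [
    {"mode": "carp", "interface": "wan", "address": "198.51.100.2/29", "vhid": 1},
    {"mode": "carp", "interface": "wan", "address": "198.51.100.3/29", "vhid": 1},
    {"mode": "carp", "interface": "wan", "address": "198.51.100.4/32", "vhid": 2},
    {"mode": "proxyarp", "interface": "wan", "address": "198.51.100.5/29"},
    {"mode": "other", "interface": "wan", "address": "198.51.100.6/32"},
]


def carp_mac(vhid):
    """Virtual MAC a CARP group answers ARP with: 00:00:5e:00:01:<VHID>."""
    return "00:00:5e:00:01:%02x" % vhid


def lint_vips(vips, iface_nets):
    """Check VIP definitions against the rules given in the thread.

    Returns a list of (ip, finding) tuples; an empty list means no findings.
    """
    findings = []
    carp_groups = defaultdict(list)  # (interface, vhid) -> [ip, ...]
    for vip in vips:
        addr = ipaddress.ip_interface(vip["address"])
        net = iface_nets[vip["interface"]]
        ip = str(addr.ip)
        if vip["mode"] == "carp":
            carp_groups[(vip["interface"], vip["vhid"])].append(ip)
            # heiko: CARP VIPs take the ISP (interface) mask.
            if addr.network.prefixlen != net.prefixlen:
                findings.append((ip, "carp-mask-should-be-/%d" % net.prefixlen))
        elif vip["mode"] == "proxyarp":
            # heiko: proxy ARP VIPs are entered as single hosts.
            if addr.network.prefixlen != addr.ip.max_prefixlen:
                findings.append((ip, "proxyarp-mask-should-be-/32"))
        elif vip["mode"] == "other":
            # cmb: "Other" only works if the ISP routes the IP to the WAN IP.
            findings.append((ip, "other-vip-needs-upstream-route"))
    # dudi's fix: every CARP IP gets its own VHID group.
    for (iface, vhid), ips in sorted(carp_groups.items()):
        if len(ips) > 1:
            tag = "vhid-%d-shared-mac-%s" % (vhid, carp_mac(vhid))
            findings.extend((ip, tag) for ip in ips)
    return findings
```
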
