    Netgate Discussion Forum
    NAT and Rule problems

      dudi last edited by

      I have installed pfSense 1.2 on a Dell PowerEdge 750 server. I have two Ethernet interfaces in this server. One interface is put on the WAN side, and the other is on the LAN. My Internet provider has provided me with a .29 mask network on an SDSL internet line. I have defined four “Other Virtual IPs” in pfSense and used them in the NAT/Rules. The problem is that I can’t reach the inside NAT/Ruled IPs from the WAN’s defined VIPs, but I can reach the pfSense interface IP. Does anyone have any idea about my problem?

        GruensFroeschli last edited by

        Did you create firewall rules that allow access to the VIPs?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          cmb last edited by

          Unless those IPs are routed to your WAN IP, you'll need to use proxy ARP or CARP type VIPs, not Other.

            dudi last edited by

            I created NAT between wan-ip and lan-ip, which automatically created an access rule to the lan-ip.

            @GruensFroeschli:

            Did you create firewall rules that allow access to the VIPs?

              dudi last edited by

              I got a "small" IP segment ( 193.71../29 ) with a gateway IP from my provider. I have used this range before with a SonicWall PRO.

              @cmb:

              Unless those IPs are routed to your WAN IP, you'll need to use proxy ARP or CARP type VIPs, not Other.

                heiko last edited by

                Take a look at the screenshot


                  dudi last edited by

                  Yes, I mean I tried this. Should the mask for this Proxy ARP be /32, or should it be the same mask as for my WAN IP segment (/29)?

                  For your information, I got access to the PF's own interface IP from the WAN. This IP is of course one inside my WAN mask.

                  @heiko:

                  Take a look at the screenshot

                    heiko last edited by

                    Proxy ARP with /32 and CARP with your ISP mask /29.

                      dudi last edited by

                      Proxy ARP/32 does not function with my alternative IPs from WAN, only with PF's interface IP. CARP/29 does well with one of the alternative IPs, but the server boots many times every time I change something. I must test further… :( When I put in a 10-year-old SonicWall PRO everything works, but I can’t use this unit instead because it’s featureless. :)

                      @heiko:

                      Proxy ARP with /32 and CARP with your ISP mask /29.

                        dudi last edited by

                        Ah… When I put a unique VHID group on every CARP IP everything was OK... :-)

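The checks this thread converges on (Other-type VIPs only work for routed addresses, proxy ARP as /32, CARP with the ISP /29 mask, one VHID per CARP IP), written as an added example that was not posted by anyone in the thread. The `<virtualip>/<vip>` element names are an assumed config.xml layout, and the addresses and the `audit_vips` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample; element names are an assumed pfSense config.xml layout,
# addresses come from the 203.0.113.0/24 documentation range.
SAMPLE = """<pfsense><virtualip>
  <vip><mode>carp</mode><interface>wan</interface><vhid>1</vhid>
       <subnet>203.0.113.2</subnet><subnet_bits>29</subnet_bits></vip>
  <vip><mode>carp</mode><interface>wan</interface><vhid>1</vhid>
       <subnet>203.0.113.3</subnet><subnet_bits>29</subnet_bits></vip>
  <vip><mode>proxyarp</mode><interface>wan</interface>
       <subnet>203.0.113.4</subnet><subnet_bits>29</subnet_bits></vip>
  <vip><mode>other</mode><interface>wan</interface>
       <subnet>203.0.113.5</subnet><subnet_bits>32</subnet_bits></vip>
  <vip><mode>carp</mode><interface>wan</interface><vhid>2</vhid>
       <subnet>203.0.113.6</subnet><subnet_bits>32</subnet_bits></vip>
</virtualip></pfsense>"""

def audit_vips(xml_text, wan_bits=29):
    """Return (address, finding) pairs for the VIP mistakes seen in the thread.

    other-type    : Other VIP, reachable only if the ISP routes it to the WAN IP
    proxyarp-mask : proxy ARP VIP not entered as /32
    carp-mask     : CARP VIP mask differs from the WAN subnet mask
    dup-vhid      : several CARP VIPs on one interface share a VHID group
    """
    findings, groups = [], defaultdict(list)
    for vip in ET.fromstring(xml_text).iter("vip"):
        mode = (vip.findtext("mode") or "").strip().lower()
        addr = (vip.findtext("subnet") or "").strip()
        bits = int((vip.findtext("subnet_bits") or "0").strip())
        if mode == "other":
            findings.append((addr, "other-type"))
        elif mode == "proxyarp" and bits != 32:
            findings.append((addr, "proxyarp-mask"))
        elif mode == "carp":
            if bits != wan_bits:
                findings.append((addr, "carp-mask"))
            iface = (vip.findtext("interface") or "").strip()
            vhid = (vip.findtext("vhid") or "").strip()
            groups[(iface, vhid)].append(addr)
    for addrs in groups.values():  # report every member of a shared VHID group
        if len(addrs) > 1:
            findings.extend((a, "dup-vhid") for a in addrs)
    return findings

if __name__ == "__main__":
    for addr, finding in audit_vips(SAMPLE):
        print(f"{addr:15} {finding}")
```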